50748 matches found
Message System 1.0 Cross Site Scripting
Title: Message System 1.0 1.0 XSS Stored Author: Hejap Zairy Date: 29.07.2022 Vendor: https://www.sourcecodester.com/php/15249/message-system-phpoop-free-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/pmms1.zip Reference:...
Medical Hub Directory Site 1.0 SQL Injection
Title: Medical Hub Directory Site 1.0 Blind Time SQLi To Rce Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip...
Spring Cloud Function SpEL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Function SpEL Injection', 'Description' = %q Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code...
Medical Hub Directory Site 1.0 Cross Site Scripting
Title: Medical Hub Directory Site 1.0 XSS Stored Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip Reference:...
WordPress Video-Synchro-PDF 1.7.4 Local File Inclusion
Exploit Title: WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion - Unauthenticated Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/ Date: 29-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/video-synchro-pdf/ Version:...
Joomla! 4.1.0 Zip Slip File Overwrite / Path Traversal
------------------------------------------------- Joomla! getTarInfo$this-data; 114. 115. for $i = 0, $n = \count$this-metadata; $i metadata$i'type'; 118. 119. if $type == 'file' || $type == 'unix file' 120. 121. $buffer = $this-metadata$i'data'; 122. $path = Path::clean$destination . '/'...
Medical Hub Directory Site 1.0 Local File Inclusion
Title: Medical Hub Directory Site LFI To RCE Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip Reference:...
WordPress Easy Cookie Policy 1.6.2 Cross Site Scripting
Exploit Title: WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS Date: 2/27/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/easy-cookies-policy/ Version: 1.6.2 Tested on: Windows 10 CVE: CVE-2021-24405 1. Description: Broken access control allows any...
Kramer VIAware 2.5.0719.1034 Remote Code Execution
Exploit Title: Kramer VIAware 2.5.0719.1034 - Remote Code Execution RCE Date: 28/03/2022 Exploit Author: sharkmoos & BallO Vendor Homepage: https://www.kramerav.com/ Software Link: https://www.kramerav.com/us/product/viaware Version: 2.5.0719.1034 Tested on: ViaWare Go Windows 10 CVE :...
PostgreSQL 11.7 Remote Code Execution
Exploit Title: PostgreSQL 9.3-11.7 - Remote Code Execution RCE Authenticated Date: 2022-03-29 Exploit Author: b4keSn4ke Github: https://github.com/b4keSn4ke Vendor Homepage: https://www.postgresql.org/ Software Link: https://www.postgresql.org/download/linux/debian/ Version: 9.3 - 11.7 Tested on:...
WordPress Clipr 1.2.3 Cross Site Scripting
Exploit Title: WordPress plugin clipr version 1.2.3 - Authenticated Date: 29-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/clipr/ Version: 1.2.3 Tested on: Firefox Contact me: h at spidersilk.com POC - Install Plugin...
CSZ CMS 1.2.9 SQL Injection
Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Blind SQL Injection Authenticated Date: 2021-04-14 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.2.9.zip Version: 1.2.9 Tested on: Windows 10, Kali...
Medical Hub Directory Site 1.0 Shell Upload
Title: Medical Hub Directory Site 1.0 Shell Upload Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip Reference:...
Medical Hub Directory Site 1.0 SQL Injection
Exploit Title: Medical Hub Directory Site - 'id' SQL Injection Date: 30/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Version: 1.0 Tested on:...
WordPress Curtain 1.0.2 Cross Site Request Forgery
Exploit Title: WordPress Plugin curtain 1.0.2 - CSRF Date: 29-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/curtain/ Version: 1.0.2 Tested on: Firefox Contact me: h at spidersilk.com Summary: Cross site forgery vulnerability has been...
Atom CMS 1.0.2 Shell Upload
Exploit Title: Atom CMS 2.0 - Remote Code Execution RCE Date: 22.03.2022 Exploit Author: Ashish Koli Shikari Vendor Homepage: https://thedigitalcraft.com/ Software Link: https://github.com/thedigicraft/Atom.CMS Version: 2.0 Tested on: Ubuntu 20.04.3 LTS CVE: CVE-2022-25487 Description This script...
WordPress Donorbox-Donation-Form 7.1.6 Cross Site Scripting
Exploit Title: WordPress Plugin donorbox-donation-form 7.1.6 - Stored Cross Site Scripting Authenticated Date: 29-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/donorbox-donation-form Version: 7.1.6 Tested on: Firefox Contact me: h at...
WordPress CleanTalk 5.173 Cross Site Scripting
Description: Reflected Cross-Site Scripting Affected Plugin: Spam protection, AntiSpam, FireWall by CleanTalk Plugin Slug: cleantalk-spam-protect Plugin Developer: CleanTalk Affected Versions: = 5.173 CVE ID: CVE-2022-28221 CVSS Score: 6.1 Medium CVSS Vector:...
WordPress Cab-Fare-Calculator 1.0.3 Local File Inclusion
Exploit Title: WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion - Unauthenticated Google Dork: inurl:/wp-content/plugins/cab-fare-calculator/ Date: 29-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/cab-fare-calculator/...
Message System 1.0 Local File Inclusion
Title: Message System 1.0 LFI To RCE Author: Hejap Zairy Date: 29.07.2022 Vendor: https://www.sourcecodester.com/php/15249/message-system-phpoop-free-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/pmms1.zip Reference: https://github.com/Matrix07ksa...
Sports Complex Booking System 1.0 Local File Inclusion
Title: Sports Complex Booking System 1.0 LFI To RCE Author: Hejap Zairy Date: 28.07.2022 Vendor: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/scbs1.zip...
Fingerprint Attendance 1.0 SQL Injection
Title: Fingerprint Attendance 1.0 Blind boolean SQLi To Rce Author: Hejap Zairy Date: 28.07.2022 Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQ...
Fingerprint Attendance 1.0 Account Takeover
Title: Fingerprint Attendance 1.0 Account Takeover Author: Hejap Zairy Date: 29.07.2022 Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache...
Fingerprint Attendance 1.0 Shell Upload
Title: Fingerprint Attendance 1.0 Shell Upload Author: Hejap Zairy Date: 28.07.2022 Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache...
Message System 1.0 Shell Upload
Title: Message System 1.0 Shell Upload Author: Hejap Zairy Date: 29.07.2022 Vendor: https://www.sourcecodester.com/php/15249/message-system-phpoop-free-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/pmms1.zip Reference: https://github.com/Matrix07k...
Razer Synapse 3.6.x DLL Hijacking
Advisory ID: SYSS-2021-058 Product: Razer Synapse Manufacturer: Razer Inc. Affected Versions: Versions prior to 3.7.0228.022817 Tested Versions: 3.6.0920.091710, 3.6.1010.101113, 3.6.1018.101823, 3.6.1130.111217, 3.6.1201.111814, 3.7.0131.011810 Vulnerability Type: Improper Privilege Management...
Online Banking System 1.0 SQL Injection
Title: Online Banking System v1.0 SQLi Author: nu11secur1ty Date: 03.27.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/14868/banking-system-using-php-free-source-code.html Reference:...
Covid-19 Directory On Vaccination System 1.0 SQL Injection
Title: Covid-19 Directory on Vaccination System 1.0 Blind boolean SQLi To Rce Author: Hejap Zairy Date: 28.07.2022 Vendor: https://www.sourcecodester.com/php/15244/design-and-implementation-covid-19-directory-vacination.html Software:...
PDF Generator Web Application 1.0 SQL Injection
Exploit Title: PDF Generator Web Application - 'multiple' Blind SQL Injection Date: 26/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15243/pdf-generator-web-app-using-tcpdf-and-phpoop-free-source-code.html...
Royale Event Management System 1.0 Privilege Escalation
Exploit Title: Royale Event Management System 1.0 - Authentication Bypass Date: 25/03/2022 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html Version: 1.0 Tested on: Linux Title: ================ Royale Event...
Royale Event Management System 1.0 Cross Site Scripting
Exploit Title: Royale Event Management System 1.0 - Cross-site Scripting Stored unauthenticated Date: 17/03/2022 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html Version: 1.0 Tested on: Linux Title:...
Microfinance Management System 1.0 Cross Site Scripting
Exploit Title: Microfinance Management System 1.0 - Cross-site scripting stored unauthenticated Date: 23/03/2022 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/14822/microfinance-management-system.html Version: 1.0 Tested on: Linux Title: ================ Microfinance...
Covid-19 Directory On Vaccination System 1.0 SQL Injection
Exploit Title: Covid-19 Directory on Vaccination System 1.0 - SQLi Authentication Bypass Date: 28/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Backdoor.Win32.Chubo.c Cross Site Scripting
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/c16b04a9879896ef453a6deb13528087B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Chubo.c Vulnerability: Cross Site Scripting XSS Family: Chubo Type: Web Panel MD5:...
Backdoor.Win32.Cafeini.b Hardcoded Credential
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/b24c56abb4bde960c2d51d4e509d2c68B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cafeini.b Vulnerability: Weak Hardcoded Credentials Family: Cafeini Type: PE32 MD5:...
Backdoor.Win32.Chubo.c Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/c16b04a9879896ef453a6deb13528087.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Chubo.c Vulnerability: Unauthenticated Remote Command Execution Family: Chubo Type:...
WordPress Admin Word Count Column 2.2 Local File Inclusion
Exploit Title: WordPress Plugin admin-word-count-column 2.2 - Local File Download Google Dork: inurl:/wp-content/plugins/admin-word-count-column/ Date: 27-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/admin-word-count-column/ Version: 2.2...
Backdoor.Win32.Avstral.e Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/35f0d754f161af35241cb081c73ea6dd.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Avstral.e Vulnerability: Unauthenticated Remote Command Execution Family: Avstral Typ...
Backdoor.Win32.Cafeini.b Denial Of Service
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/b24c56abb4bde960c2d51d4e509d2c68.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cafeini.b Vulnerability: Denial of Service Family: Cafeini Type: PE32 MD5:...
PDF Generator Web App Using TCPDF 1.0 Local File Inclusion
Title: PDF Generator Web App using TCPDF 1.0 LFI To RCE Author: Hejap Zairy Date: 26.07.2022 Vendor: https://www.sourcecodester.com/php/15243/pdf-generator-web-app-using-tcpdf-and-phpoop-free-source-code.html...
Backdoor.Win32.Cyn.20 Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/3dd1da64e306cae0409e154e15dd1b80.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cyn.20 Vulnerability: Insecure Permissions Description: The malware writes a ".EXE"...
Pay Slip PDF Generator System 1.0 SQL Injection
Title: Pay Slip PDF Generator System 1.0 Blind time SQLi To Rce Author: Hejap Zairy Date: 26.07.2022 Vendor: https://www.sourcecodester.com/php/15242/employees-pay-slip-pdf-generator-system-email-using-phpoop-free-source-code.html Software:...
Pay Slip PDF Generator System 1.0 Shell Upload
Title: Pay Slip PDF Generator System 1.0 Shell Upload Author: Hejap Zairy Date: 26.07.2022 Vendor: https://www.sourcecodester.com/php/15242/employees-pay-slip-pdf-generator-system-email-using-phpoop-free-source-code.html Software:...
Microfinance Management System 1.0 SQL Injection
Exploit Title: Microfinance Management System 1.0 - Authentication Bypass SQL Injection Date: 23/03/2022 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/14822/microfinance-management-system.html Version: 1.0 Tested on: Linux Title: ================ Microfinance Managemen...
One Church Management System 1.0 Cross Site Scripting
Exploit Title: One Church Management System 1.0 - Multiple Cross-site Scripting Date: 17/03/2022 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html Version: 1.0 Tested on: Linux Title: ================ One...
ALLMediaServer 1.6 Remote Buffer Overflow
Exploit Title: ALLMediaServer 1.6 Remote Buffer Overflow Discovered by: Yehia Elghaly Discovered Date: 2022-03-25 Vendor Homepage: https://www.allmediaserver.org/ Software Link : https://www.allmediaserver.org/LiveUpdate/ALLMediaServer.exe Tested Version: 1.6 Vulnerability Type: Buffer Overflow D...
FruityWifi Remote Code Execution
!/usr/bin/python3 -- coding: utf-8 -- usage: ./akhlutprowlingterror.py http://phishingsiteurl text=''' -o==============o- ████ ██████ ██████ ██ ██ ██████ ▓▓ ██ ██████ ██ ██████ ██▓▓ ██ ██████ ▓▓ ██ ▒▒ ██ ████ ▓▓ ██ ██████ ██▓▓ ████ ██████ ▓▓████ ██ ▓▓ ██████ ████████ ████▓▓ ██████ ██████ ████████...
One Church Management System 1.0 SQL Injection
Exploit Title: One Church Management System 1.0 - attendancy.php search2 SQL Injection Date: 18/03/2022 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html Version: 1.0 Tested on: Linux Title: ================...
RTLO Injection URI Spoofing
Exploit Title: WordPress Plugin Jetpack 9.1 - Cross Site Scripting XSS Date: 2022-02-07 Author: Milad karimi Software Link: https://wordpress.org/plugins/jetpack Version: 9.1 Tested on: Windows 11 CVE: N/A 1. Description: This plugin creates a Jetpack from any post types. The slider import search...
Foxit PDF Editor (iOS) 11.3.1 Arbitrary File Upload
Exploit Title: Foxit PDF Editor iOS - Arbitrary File Upload Unauthenticated Date: 24/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.foxit.com Software Link: https://apps.apple.com/us/app/foxit-pdf-editor/id507040546 Version: 11.3.1 Tested: iPhone 6 iOS 12.4.7 Contact:...