50621 matches found
Online DJ Booking Management System 1.0 Cross Site Scripting
Exploit Title: Online DJ Booking Management System 1.0 - 'Multiple' Blind Cross-Site Scripting Date: 2021-10-06 Exploit Author: Yash Mahajan Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/online-dj-booking-management-system-using-php-and-mysql/ Version: V 1.0...
Google SLO-Generator 2.0.0 Code Execution
Exploit Title: Google SLO-Generator 2.0.0 - Code Execution Date: 2021-09-28 Exploit Author: Kiran Ghimire Software Link: https://github.com/google/slo-generator/releases Version: = 2.0.0 Tested on: Linux CVE: CVE-2021-22557 Introduction: Is a tool to compute and export Service Level Objectives...
VMware vCenter Server Analytics (CEIP) Service File Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Analytics CEIP Service File Upload', 'Description' = %q This module exploits a file upload in VMware vCenter Server's...
Online Traffic Offense Management System 1.0 Cross Site Scripting
Exploit Title: Online Traffic Offense Management System 1.0 - Multiple XSS Unauthenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link:...
Netfilter x_tables Heap Out-Of-Bounds Write / Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netfilter xtables Heap OOB Write Privilege Escalation', 'Description' = %q A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was...
Online Traffic Offense Management System 1.0 Shell Upload
Exploit Title: Online Traffic Offense Management System 1.0 - Multiple RCE Unauthenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link:...
Simple Online College Entrance Exam System 1.0 SQL Injection
Exploit Title: Simple Online College Entrance Exam System 1.0 - SQLi Authentication Bypass Date: 07.10.2021 Exploit Author: Mevlüt Yılmaz Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software Link:...
Online-Food-Ordering-Web-App SQL Injection
CVE-2021-41647 SQL Injection in Online-Food-Ordering-Web-App The Online-Food-Ordering-Web-App is vulnerable to un-authenticated error and time-based blind SQL Injection attacks. The username parameter on the /login.php page does not sanitize the user input, an attacker is able to bypass the login...
WordPress BulletProof Security 5.1 Information Disclosure
Exploit Title: Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Date 04.10.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://forum.ait-pro.com/read-me-first/ Software Link: https://downloads.wordpress.org/plugin/bulletproof-security.5.1.zip Version: =...
Odine Solutions GateKeeper 1.0 SQL Injection
Exploit Title: Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection Date: 05.10.2021 Exploit Author: Emel Basayar Vendor: Odine Solutions - odinesolutions.com Vendor Homepage: https://odinesolutions.com/software/gatekeeper-simbox-antifraud/ Version: 1.0 Category: Webapps Tested on: Ubunt...
G Data EndpointProtection Enterprise 17.08.2021 Privilege Escalation
DATA Anti-Virus: Abusing OpenSSL to get local admin Metadata =================================================== Release Date: 05-Oct-2021 Author: Florian Bogner @ https://bee-itsecurity.at Affected product: G Data’s Security Client “EndpointProtection Enterprise” Fixed in: all versions after...
High Infinity Technology HiKam S6 1.3.26 Spoofing / Broken Authentication
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: High Infinity Technology HiKam S6 vulnerable version: =1.3.26 fixed version: CVE number: impact: Critical homepage:...
Dahua Authentication Bypass
STX Subject: Update: Dahua Authentication bypass CVE-2021-33044, CVE-2021-33045 Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis 2021 Limited Disclosure: September 6, 2021 Full Disclosure: October 6, 2021 PoC: https://github.com/mcw0/DahuaConsole -=Dahua=-...
Apache HTTP Server 2.4.49 Path Traversal
Exploit Title: Apache HTTP Server 2.4.49 - Path Traversal Date: 10/05/2021 Exploit Author: Lucas Souza https://lsass.io Vendor Homepage: https://apache.org/ Version: 2.4.49 Tested on: 2.4.49 CVE : CVE-2021-41773 Credits: Ash Daulton and the cPanel Security Team !/bin/bash if $1 =3D=3D '' ; $2...
Try My Recipe SQL Injection
https://www.sourcecodester.com/php/14964/try-my-recipe-recipe-sharing-website-cms-php-and-sqlite-free-source-code.html CVE-nu11-17-092921 Vendor MySQL Vulnerability Description: The cid parameter appears on Recipe Sharing Website - CMS by:oretnom23 to be vulnerable to SQL injection attacks. The...
Tapatalk Plugins PHP Object Injection
Advisory: Tapatalk Plugins PHP Object Injection dH team discovered PHP Object Injection vulnerability in all Tapatalk plugins, which is allow to attackers execute PHP code, SQL injection or Denial of Service. No authorization or some extra steps need, so vulnerability considered critical. Details...
WordPress TheCartPress 1.5.3.6 Privilege Escalation
Exploit Title: Wordpress Plugin TheCartPress 1.5.3.6 - Privilege Escalation Unauthenticated Google Dork: inurl:/wp-content/plugins/thecartpress/ Date: 04/10/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugin/thecartpress Version: spacehen www.github.com/spacehen" def...
HackTool.Win32.Agent.gi Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e60606d19a36789662ba97b4bb5c4ccf.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HackTool.Win32.Agent.gi Vulnerability: Local Stack Buffer Overflow SEH Description: The Hack Office...
Atlassian Jira Server/Data Center 8.4.0 File Read
Exploit Title: Atlassian Jira Server/Data Center 8.4.0 - Limited Remote File Read/Include Date: 2021-10-05 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤...
WordPress MStore API 2.0.6 Shell Upload
Exploit Title: Wordpress Plugin MStore API 2.0.6 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/mstore-api/ Date: 22/09/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/mstore-api/ Version: 2.0.6, possibly higher Tested on: Ubuntu 20.04.1 import os.path...
Backdoor.Win32.Yoddos.an Unquoted Service Path
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/bf2417bf23a3b7ae2e44676882b4b9dd.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Yoddos.an Vulnerability: Insecure Service Path Description: The malware creates a...
Backdoor.Win32.Prorat.lkt Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/dec8f9042986d64e29d62effb482290bB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Prorat.lkt Vulnerability: Port Bounce Scan MITM Description: The ProSpy Server V1.9...
Backdoor.Win32.Hupigon.gy Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/be74cbb86c007309d8004d910f5270f7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.gy Vulnerability: Unauthenticated Open Proxy Description: The malware listens...
Backdoor.Win32.Prorat.lkt Hardcoded Password
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/dec8f9042986d64e29d62effb482290b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Prorat.lkt Vulnerability: Weak Hardcoded Password Description: The ProSpy Server V1.9...
Atlassian Confluence Server 7.5.1 Arbitrary File Read
Exploit Title: Atlassian Confluence Server 7.5.1 Pre-Authorization Arbitrary File Read vulnerability Date: 2021-10-05 Exploit Author: Mayank Deshmukh Author email: [email protected] Vendor Homepage: https://www.atlassian.com/ Software Link:...
Trojan-PSW.Win32.PdPinch.gen Denial Of Service
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0e4fbfeb6f7a98e437a497013b285ffc.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-PSW.Win32.PdPinch.gen Vulnerability: Remote Denial of Service Description: The malware listen...
Virus.Win32.Renamer.a Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/001fc372acc853aa1cf92588a43a7deb.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Virus.Win32.Renamer.a Vulnerability: Insecure Permissions Description: The malware creates an dir wi...
Student Quarterly Grading System 1.0 SQL Injection
Exploit Title: Student Quarterly Grading System 1.0 - SQLi Authentication Bypass Date: 04.10.2021 Exploit Author: Blackhan Vendor Homepage: https://www.sourcecodester.com/php/14953/student-quarterly-grading-system-using-php-and-sqlite-free-source-code.html Software Link:...
Backdoor.Win32.LolBot.gen Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/56a93a2a0a4c6a09e2761f2e0351b020.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.LolBot.gen Vulnerability: Insecure Permissions Description: The malware creates an...
Backdoor.Win32.Bifrose.ahyg Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d6aff119c03ff378d386b30b36b07a69.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Bifrose.ahyg Vulnerability: Insecure Permissions Description: The malware creates an...
HEUR.Trojan.Win32.Generic Unquoted Service Path
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2e4b6c5bd907995f6fd40c5eeab5c6e9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Trojan.Win32.Generic Vulnerability: Insecure Service Path Description: The malware creates a...
Vehicle Service Managment System 1.0 Shell Upload
Exploit Title: Vehicle Service Managment 1.0 - RCE Unauthenticated Date: 2021-10-02 Exploit Author: RICHARD JONES Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html Software Link:...
Young Entrepreneur E-Negosyo System 1.0 SQL Injection
Exploit Title: Young Entrepreneur E-Negosyo System 1.0 - SQL Injection Authentication Bypass Date: 2021-10-02 Exploit Author: Jordan Glover Vendor Homepage: https://www.sourcecodester.com/php/12684/young-entrepreneur-e-negosyo-system.html Software Link:...
Young Entrepreneur E-Negosyo System 1.0 Cross Site Scripting
Exploit Title: Young Entrepreneur E-Negosyo System 1.0 - 'PRODESC' Stored Cross-Site Scripting XSS Date: 2021-10-03 Exploit Author: Jordan Glover Vendor Homepage: https://www.sourcecodester.com/php/12684/young-entrepreneur-e-negosyo-system.html Software Link:...
Company's Recruitment Management System SQL Injection
Description of vulnerability: The Company's Recruitment Management System by: oretnom23 in id=2 of the parameter from viewvacancy app on-page appears to be vulnerable to SQL Injection - Stealing the Password Hashes attacks. The payloads 19424269' or '1309'='1309 and 39476597' or '2917'='2923 were...
College Management System 1.0 Arbitrary File Upload
Exploit Title: college management system - Arbitrary File Upload Unauthenticated Date: 01/10/2021 Exploit Author: Abdulrahman https://twitter.com/infosec90 Vendor Homepage: https://www.eedunext.com/ Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/ Versio...
Lifestyle Store 1.0 Cross Site Scripting
Exploit Title: Lifestyle Store Online Shop Store 1.0 - Reflected Cross-Site Scripting XSS Date: 2021-09-30 Author: Abdulrahman https://twitter.com/infosec90 Software Link: https://download-media.code-projects.org/2021/07/OnlineShopStoreInPHPWithSourceCode.zip Version: 1.0.0 Tested on: Kali Linux ...
College Management System 1.0 SQL Injection
Exploit Title: college management system - SQL Injection Authentication Bypass Date: 01/10/2021 Exploit Author: Abdulrahman https://twitter.com/infosec90 Vendor Homepage: https://www.eedunext.com/ Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/ Version:...
College Management System 1.0 Insecure Direct Object Reference
Exploit Title: college management system - Add admin Unauthenticated Date: 01/10/2021 Exploit Author: Abdulrahman https://twitter.com/infosec90 Vendor Homepage: https://www.eedunext.com/ Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/ Version: 1.0 Teste...
Pet Shop Management System 1.0 Privilege Escalation / Shell Upload
!/usr/bin/python3 Exploit Title: Pet Shop Management System v1.0 - Authenticated Privilege Escalation to Remote Code Execution Exploit Author: Oscar Gutierrez m4xp0w3r Date: October 01, 2021 Vendor Homepage:...
Local Offices Contact Directory Site SQL Injection
https://www.sourcecodester.com/php/14973/local-offices-contact-directory-site-using-php-and-sqlite-free-source-code.html Vendor: href Description: The search parameter appears to be vulnerable to time-based blind SQL injection attacks, on the web app "Local Offices Contact Directories Site" by...
Gatekeeper Bypass Proof Of Concept
!/bin/zsh -e This script will create a zip file exploiting CVE-2021-1810 by creating a directory hierarchy deep enough for Archive Utility to fail setting quarantine attributes on certain files while also making some path names long enough to prevent Safari automating unzipping from unpacking the...
College Management System 1.0 Cross Site Scripting
Exploit Title: college management system - Stored Cross-Site Scripting XSS Unauthenticated Date: 01/10/2021 Exploit Author: Abdulrahman https://twitter.com/infosec90 Vendor Homepage: https://www.eedunext.com/ Software Link:...
Vehicle Service Management System 1.0 SQL Injection
Exploit Title: Vehicle Service Managment 1.0 - SQL Injection Error Based Date: 2021-10-02 Exploit Author: RICHARD JONES Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html Software Link:...
Open Game Panel Remote Code Execution
Exploit Title: Open Game Panel - Remote Code Execution RCE Authenticated Google Dork: intext:"Open Game Panel 2021" Date: 08/14/2021 Exploit Author: prey Vendor Homepage: https://www.opengamepanel.org/ Software Link: https://github.com/OpenGamePanel/OGP-Website Version: before 14 Aug patch...
Lodging Reservation Management System 1.0 SQL Injection
Exploit Title: Lodging Reservation Management System 1.0 - SQL Injection / Authentication Bypass Date: 2021-09-20 Exploit Author: Nitin Sharmavidvansh Vendor Homepage: https://www.sourcecodester.com/php/14883/lodging-reservation-management-system-php-free-source-code.html Software Link:...
Payara Micro Community 5.2021.6 Directory Traversal
Exploit Title: Payara Micro Community 5.2021.6 - Directory Traversal Date: 01/10/2021 Exploit Author: Yasser Khan N3Thunt3r Vendor Homepage: https://docs.payara.fish/community/docs/release-notes/release-notes-2021-6.html Software Link:...
Exam Form Submission System 1.0 SQL Injection
Exploit Title: Exam Form Submission System 1.0 - SQL Injection Authentication Bypass Date: 30-09-2021 Exploit Author: Nitin Sharma Vidvansh Vendor Homepage: https://code-projects.org Product link: https://code-projects.org/exam-form-submission-in-php-with-source-code/ Version: 1.0 Tested on: XAMP...
Phpwcms 1.9.30 Cross Site Scripting
Exploit Title: Phpwcms 1.9.30 - File Upload to XSS Date: 30/9/2021 Exploit Author: Okan Kurtulus | okankurtulus.com.tr Software Link: http://www.phpwcms.org/ Version: 1.9.30 Tested on: Ubuntu 16.04 Steps: 1- You need to login to the system. http://target.com/phpwcms/login.php 2- Creating payload...
WhatsUpGold 21.0.3 Cross Site Scripting
Exploit Title: WhatsUpGold 21.0.3 - Stored Cross-Site Scripting XSS Date: 09.17.2021 Exploit Author: Andreas Finstad 4ndr34z Vendor Homepage: https://www.whatsupgold.com Version: v.21.0.3, Build 188 Tested on: Windows 2019 Server CVE : CVE-2021-41318 Reference:...