50630 matches found
SmarterTools SmarterTrack 7922 Information Disclosure
Exploit Title: SmarterTools SmarterTrack 7922 - 'Multiple' Information Disclosure Google Dork: intext:"Powered by SmarterTrack" Date: 23/01/2020 Exploit Author: Andrei Manole Vendor Homepage: https://www.smartertools.com/ Software Link: https://www.smartertools.com/smartertrack Version: TESTED ON...
OpenVPN Monitor 1.1.3 Authorization Bypass / Denial Of Service
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-009 CVE ID: CVE-2021-31606 Subject: Authorization Bypass Severity: Medium Effect: Denial of Service Author: Emanuel Duss...
OpenVPN Monitor 1.1.3 Command Injection
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-010 CVE ID: CVE-2021-31605 Subject: OpenVPN Management Socket Command Injection Severity: High Effect: Denial of Service...
OpenVPN Monitor 1.1.3 Cross Site Request Forgery
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-011 CVE ID: CVE-2021-31604 Subject: Cross-Site Request Forgery CSRF Severity: Medium Effect: Denial of Service Author:...
Gurock Testrail 7.2.0.3014 Improper Access Control
Exploit Title: Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control Date: 22/09/2022 Exploit Author: Sick Codes & JohnJHacking Sakura Samuraii Vendor Homepage: https://www.gurock.com/testrail/ Version: 7.2.0.3014 and below Tested on: macOS, Linux, Windows CVE : CVE-2021-40875 Referenc...
Police Crime Record Management Project 1.0 SQL Injection
Exploit Title: Police Crime Record Management Project 1.0 - Time Based SQLi Exploit Author: t//\1 Date: 23/09/2021 Vendor Homepage: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html Tested on: Linux Version: 1.0 Exploit Description: The application is prone to an...
Pharmacy Point Of Sale System 1.0 SQL Injection
Exploit Title: Pharmacy Point of Sale System v1.0 - SQLi Authentication Bypass Date: 23.09.2021 Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html Software Link:...
WordPress Fitness Calculators 1.9.5 Cross Site Request Forgery
Exploit Title: WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery CSRF Date: 2/28/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/fitness-calculators/ Version: 1.9.5 Tested on: Windows 10 CVE: CVE-2021-24272 1. Description: The plugin add calculators for Water...
WordPress Advanced Order Export For WooCommerce 3.1.7 Cross Site Scripting
Exploit Title: WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting XSS Date: 15/2/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/woo-order-export-lite/ Version: 3.1.7 Tested on: Windows 10 CVE: CVE-2021-24169 1. Description: This plugin...
WordPress 3DPrint Lite 1.9.1.4 Shell Upload
Exploit Title: Wordpress Plugin 3DPrint Lite 1.9.1.4 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/3dprint-lite/ Date: 22/09/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/3dprint-lite/ Version: spacehen www.github.com/spacehen" def printusage:...
Backdrop CMS 1.20.0 Cross Site Request Forgery / Command Execution
Exploit Title: Backdrop CMS 1.20.0 - 'Multiple' Cross-Site Request Forgery CSRF Exploit Author: V1n1v131r4 Date: 2021-09-22 Vendor Homepage: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.20.0/backdrop.zip Version: 1.20.0 Tested On: Kali Linux,...
Redragon Gaming Mouse Denial Of Service
Exploit Title: Redragon Gaming Mouse - 'REDRAGONMOUSE.sys' Denial-Of-Service PoC Date: 27/08/2021 Exploit Author: Quadron Research Lab Version: all version Tested on: Windows 10 x64 HUN/ENG Professional Vendor: https://www.redragonzone.com/pages/download Reference:...
TotalAV 5.15.69 Unquoted Service Path
Exploit Title: TotalAV - Unquoted Service Path Date: 2021-09-22 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.totalav.com Software Link: https://download.totalav.com/windows/beta-trial or https://install.protected.net/windows/cdn3/5.15.69/TotalAV.exe Version: 5.15.69 Tested on:...
OpenCats 0.9.4-2 XML Injection
Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection XXE Date: 2021-09-20 Exploit Author: Jake Ruston Vendor Homepage: https://opencats.org Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip Version: w:document...
Online Reviewer System 1.0 Shell Upload
Exploit Title: Online Reviewer System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja Date: 2021-09-21 Vendor Homepage: https://www.sourcecodester.com/php/12937/online-reviewer-system-using-phppdo.html Software Link:...
Cloudron 6.2 Cross Site Scripting
Exploit Title: Cloudron 6.2 - 'returnTo ' Cross Site Scripting Reflected Date: 10.06.2021 Exploit Author: Akıner Kısa Vendor Homepage: https://cloudron.io Software Link: https://www.cloudron.io/get.html Version: 6.3 CVE : CVE-2021-40868 Proof of Concept: 1. Go to...
e107 CMS 2.3.0 Shell Upload
Exploit Title: e107 CMS 2.3.0 - Remote Code Execution RCE Authenticated Date: 21-09-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://e107.org/ Software Link: https://e107.org/download Version: 2.3.0 Category: Webapps Tested on: Linux/Windows e107 is a free website content...
South Gate Inn Online Reservation System 1.0 Shell Upload / SQL Injection
Exploit Title: South Gate Inn Online Reservation System v1.0 - Remote Code Execution Date: 21.09.2021 Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/php/10584/south-gate-inn-online-reservation-system.html Software Link:...
E-Negosyo System 1.0 SQL Injection
Exploit Title: E-Negosyo System 1.0 - Time-Based Blind SQLi - admin/login.php Date: 2021-09-22 Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/bsenordering0.zip Version:...
Simple Attendance System 1.0 SQL Injection
Exploit Title: Simple Attendance System 1.0 - Unauthenticated Blind SQLi Exploit Author: t//\1 Date: September 21, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html Tested on: Linux Version: v1.0 Exploit Description: The...
E-Negosyo System 1.0 Shell Upload
Exploit Title: E-Negosyo System 1.0 - Authenticated RCE Date: 2021-09-22 Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/bsenordering0.zip Version: 1.0 Category: Webapps...
Sentry 8.2.0 Remote Code Execution
Exploit Title: Sentry 8.2.0 - Remote Code Execution RCE Authenticated Date: 22/09/2021 Exploit Author: Mohin Paramasivam Shad0wQu35t Vulnerability Discovered By : Clement Berthaux SYNACKTIV Software Link: https://sentry.io/welcome/ Advisory:...
Filerun 2021.03.26 Remote Code Execution
Exploit Title: Filerun 2021.03.26 - Remote Code Execution RCE Authenticated Date: 09/21/2021 Exploit Author: syntegris information solutions GmbH Credits: Christian P. Vendor Homepage: https://filerun.com Software Link:...
Trojan.Win32.Agent.xaamkd Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/095651e1704b501123b41ea2e9736820.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Agent.xaamkd Vulnerability: Insecure Permissions Description: The malware creates an di...
Yenkee Hornet Gaming Mouse Denial Of Service
Exploit Title: Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial-Of-Service PoC Date: 2021/04/07 Exploit Author: Quadron Research Lab Version: all version Tested on: Windows 10 x64 HUN/ENG Professional Vendor: https://www.yenkee.eu/gaming-mouse-hornet-aim/yms-3029 Reference:...
ManageEngine OpManager SumPDU Java Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine OpManager SumPDU Java Deserialization', 'Description' = %q An HTTP endpoint used by the Manage Engine OpManager Smart Update Manager...
WebsiteBaker 2.13.0 Remote Code Execution
Exploit Title: WebsiteBaker 2.13.0 - Remote Code Execution RCE Authenticated Date: 18-09-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://websitebaker.org/ Software Link: http://wiki.websitebaker.org/doku.php/en/downloads Version: 2.13.0 Category: Webapps Tested on:...
Budgets And Expense Tracker System 1.0 Shell Upload
Exploit Title: Budget and Expense Tracker System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja hax.3xploit Date: 2021-09-21 Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html Software Link:...
Church Management System 1.0 SQL Injection / Code Execution
Exploit Title: Church Management System 1.0 - Authentication Bypass via SQLi + RCE Date: 21.09.2021 Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/php/14949/church-management-system-cms-website-using-php-source-code.html Software Link:...
Backdoor.Win32.Minilash.10.b Denial Of Service
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/3c407448a00b2d53b2418f53b66d5b6b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Minilash.10.b Vulnerability: Remote Denial of Service UDP Datagram Description: The...
OpenCats 0.9.4 XML Injection
Author : Raed Ahsan Platform : OpenCats Version : 0.9.4 Date : 20/09/2021 LinkedIn : https://linkedin.com/in/raed-ahsan INSTRUCTIONS FOR EXPLOITING THE OPENCATS 0.9.4 1 Create a file called "cv.py" 2 Paste the following into the cv.py file: from docx import Document document = Document paragraph ...
Backdoor.Win32.Hupigon.asqx Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/a344b767d58b6c83b92bb868727e021c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.asqx Vulnerability: Unauthenticated Open Proxy Description: The malware liste...
Online Food Ordering System 2.0 Shell Upload
Exploit Title: Online Food Ordering System 2.0 - Unauthenticated Remote Code Execution Exploit Author: Abdullah Khawaja hax.3xploit Date: 2021-09-19 Vendor Homepage: https://www.sourcecodester.com/php/14951/online-food-ordering-system-php-and-sqlite-database-free-source-code.html Software Link:...
T-Soft E-Commerce 4 Cross Site Request Forgery
Exploit Title: T-Soft E-Commerce 4 - change 'admin credentials' Cross-Site Request Forgery CSRF Exploit Author: Alperen Ergel Software Homepage: https://www.tsoft.com.tr/ Version : v4 Tested on: Kali Linux 2021.4 / xammp Category: WebApp Google Dork: intext:'T-Soft E-Ticaret Sistemleriyle...
Church Management System 1.0 Shell Upload
Exploit Title: Church Management System CMS-Website - Unauthenticated RCE Exploit Author: Abdullah Khawaja Date: 2021-09-17 Vendor Homepage: https://www.sourcecodester.com/php/14949/church-management-system-cms-website-using-php-source-code.html Software Link:...
Church Management System 1.0 SQL Injection
Exploit Title: Church Management System 1.0 - 'search' SQL Injection Unauthenticated Exploit Author: Erwin Krazek Nero Date: 17/09/2021 Vendor Homepage: https://www.sourcecodester.com/php/14949/church-management-system-cms-website-using-php-source-code.html Software Link:...
Budget And Expense Tracker System 1.0 SQL Injection
Exploit Title: Budget and Expense Tracker System 1.0 - Authenticated Bypass Exploit Author: Prunier Charles-Yves Date: September 20, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html Software Link:...
Maxpatrol 8 / Xspider Denial Of Service
Exploit Title: Positive Technologies Maxpatrol 8 & Xspider Remote DoS Force clients disconect Date: 2020-08-20 Exploit Author: AsCiI Vendor Homepage: https://www.ptsecurity.com/ Affected Positive Technologies Maxpatrol 8 & Xspider Scanners Vulnerability reported in 09.2020. No reply from vendor...
WordPress 5.7 Media Library XML Injection
Exploit Title: WordPress 5.7 - 'Media Library' XML External Entity Injection XXE Authenticated Date: 16/09/2021 Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://wordpress.com Affected Version: WordPress 5.6-5.7 & PHP8 Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2021-29447...
WordPress WooCommerce Booster 5.4.3 Authentication Bypass
Exploit Title: WordPress Plugin WooCommerce Booster Plugin 5.4.3 - Authentication Bypass Date: 2021-09-16 Exploit Author: Sebastian Kriesten 0xB455 Contact: https://twitter.com/0xB455 Affected Plugin: Booster for WooCommerce Plugin Slug: woocommerce-jetpack Vulnerability disclosure:...
Cloudron 6.2 Cross Site Scripting
Exploit Title: Cloudron 6.2 - Cross Site Scripting Reflected Google Dork: N/A Date: 10.06.2021 Exploit Author: Akıner Kısa Vendor Homepage: https://cloudron.io Software Link: https://www.cloudron.io/get.html Version: 6.3 Tested on: Demo / Localhost CVE : CVE-2021-31721 Proof of Concept: 1. Go to...
Geutebruck instantrec Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Geutebruck instantrec Remote Command Execution', 'Description' = %q This module exploits a buffer overflow within the 'action' parameter of the...
Library Management System 1.0 SQL Injection
Exploit Title: Library Management System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Bobby Cooke @0xBoku & Adeeb Shah @hyd3sec Date: 16/09/2021 Vendor Homepage: https://www.sourcecodester.com/php/12469/library-management-system-using-php-mysql.html Software Link:...
Simple Attendance System 1.0 SQL Injection
Exploit Title: Simple Attendance System 1.0 - Authenticated bypass Exploit Author: Abdullah Khawaja hax.3xploit Date: September 17, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html Software Link:...
Impress CMS 1.4.2 Remote Code Execution
Exploit Title: ImpressCMS 1.4.2 - Remote Code Execution RCE Authenticated Date: 15-09-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.impresscms.org/ Software Link: https://www.impresscms.org/modules/downloads/ Version: 1.4.2 Category: Webapps Tested on: Linux/Windows...
Microsoft Windows cmd.exe Stack Buffer Overflow
Credits: John Page aka hyp3rlinx, malvuln + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CMD.EXE-STACK-BUFFER-OVERFLOW.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product cmd.exe is the default command-line...
Git git-lfs Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Git Remote Code Execution via git-lfs CVE-2020-27955', 'Description' = %q A critical vulnerability CVE-2020-27955 in Git Large File Storage Git...
Support Board 3.3.3 SQL Injection
Exploit Title: Support Board 3.3.3 - 'Multiple' SQL Injection Unauthenticated Date: 29.08.2021 Exploit Author: John Jefferson Li Vendor Homepage: https://board.support/ Software Link: https://codecanyon.net/item/support-board-help-desk-and-chat/20359943 Version: 3.3.3 Tested on: Ubuntu 20.04.2 LT...
Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload
Exploit Title: AlphaWeb XE - Authenticated Insecure File Upload leading to RCE CVE-2021-40845 Date: 09/09/2021 Exploit Author: Ricardo Ruiz @ricardojoserf Vendor website: https://www.zenitel.com/ Product website: https://wiki.zenitel.com/wiki/AlphaWeb CVE: CVE-2021-40845...
Evolution CMS 3.1.6 Remote Code Execution
Exploit Title: Evolution CMS 3.1.6 - Remote Code Execution RCE Authenticated Date: 15-09-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://evo.im/ Software Link: https://github.com/evolution-cms/evolution/releases Version: 3.1.6 Category: Webapps Tested on: Linux/Windows Exampl...