50786 matches found
Victor CMS 1.0 Shell Upload
Exploit Title: Victor CMS 1.0 - File Upload To RCE Date: 20.12.2020 Exploit Author: Mosaaed Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: Apache2/Linux Step1: register...
WordPress W3 Total Cache 0.9.3 File Read / Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress W3 Total Cache File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability i...
Android Studio Privilege Escalation
Video and POC here : https://www.youtube.com/watch?v=hAPkSGxh9H0 When you open a project in android studio, if gradle-wrapper.properties set distributionUrl=https:// services.gradle.org/distributions/gradle-2.6-all.zip , then android studio will download and extract gradle-2.6-all.zip, jar file i...
SUPREMO 4.1.3.2348 Privilege Escalation
Details ======= Subject: Local Privilege Escalation Product: SUPREMO by Nanosystems S.r.l. Vendor Homepage: https://www.supremocontrol.com/ Vendor Status: fixed version released Vulnerable Version: 4.1.3.2348 No other version was tested, but it is believed for the older versions to be also...
Library Management System 3.0 Cross Site Scripting
Exploit Title: Library Management System 3.0 - "Add Category" Stored XSS Exploit Author: Kislay Kumar Date: 2020-12-22 Google Dork: N/A Vendor Homepage: https://otsglobal.org/ Software Link: https://codecanyon.net/item/library-management-system-22/16965307 Affected Version: 3.0 Patched Version:...
Linux TIOCSPGRP Broken Locking
Linux: Broken locking in TIOCSPGRP leads to corrupted tty-pgrp refcount tiocspgrp, the handler for the TIOCSPGRP ioctl, has the following signature: static int tiocspgrpstruct ttystruct tty, struct ttystruct realtty, pidt user p It receives two ttystruct pointers because, for PTY pairs, userspace...
Sony Playstation 4 ValidationMessage::buildBubbleTree() Use-After-Free
const OFFSETELEMENTREFCOUNT = 0x10; const OFFSETJSABVIEWVECTOR = 0x10; const OFFSETJSABVIEWLENGTH = 0x18; const OFFSETLENGTHSTRINGIMPL = 0x04; const OFFSETHTMLELEMENTREFCOUNT = 0x14; const LENGTHARRAYBUFFER = 0x8; const LENGTHSTRINGIMPL = 0x14; const LENGTHJSVIEW = 0x20; const...
Online Marriage Registration System 1.0 SQL Injection
Exploit Title: Online Marriage Registration System 1.0 - 'searchdata' SQL Injection Date: 12-21-2020 Exploit Authors: Andrea Bruschi, Raffaele Sabato Vendor: Phpgurukul Product Web Page: https://phpgurukul.com/online-marriage-registration-system-using-php-and-mysql/ Version: 1.0 I DESCRIPTION...
SCO Openserver 5.0.7 Cross Site Scripting
Exploit Title: SCO Openserver 5.0.7 - 'section' Reflected XSS Google Dork: inurl:/cgi-bin/manlist?section Discovered Date: 14/06/2020 Author: Ramikan Vendor Homepage: https://www.xinuos.com/products Software Link: https://www.sco.com/products/openserver507/-overview Affected Version: Tested on...
Queue Management System 4.0.0 Cross Site Scripting
Exploit Title: Queue Management System 4.0.0 - "Add User" Stored XSS Exploit Author: Kislay Kumar Date: 2020-12-21 Google Dork: N/A Vendor Homepage: http://codekernel.net/ Software Link: https://codecanyon.net/item/queue-management-system/22029961 Affected Version: Version 4.0.0 Patched Version:...
Sony Playstation 4 ValidationMessage::buildBubbleTree() Use-After-Free
const OFFSETELEMENTREFCOUNT = 0x10; const OFFSETJSABVIEWVECTOR = 0x10; const OFFSETJSABVIEWLENGTH = 0x18; const OFFSETLENGTHSTRINGIMPL = 0x04; const OFFSETHTMLELEMENTREFCOUNT = 0x14; const LENGTHARRAYBUFFER = 0x8; const LENGTHSTRINGIMPL = 0x14; const LENGTHJSVIEW = 0x20; const...
SCO Openserver 5.0.7 Command Injection
Exploit Title: SCO Openserver 5.0.7 - 'outputform' Command Injection Google Dork: inurl:/cgi-bin/manlist?section Discovered Date: 04/09/2020 Author: Ramikan Vendor Homepage: https://www.xinuos.com/products/ Software Link: https://www.sco.com/products/openserver507/-overview Affected Version: Test...
Stratodesk NoTouch Center Privilege Escalation
Stratodesk NoTouch Center Virtual Appliance is a portal for managing NoTouch clients. It appears that Stratodesk has a partnership with ViewSonic and produced these appliances to support some of their hardware devices as well. - https://www.stratodesk.com/products/notouch-desktop/virtual-applianc...
Point Of Sale System 1.0 Cross Site Scripting
Exploit Title: Point of Sale System 1.0 - Multiple Stored XSS Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-18 Vendor Homepage: https://www.sourcecodester.com/php/9620/point-sale-system-pos.html Software Link:...
WordPress Contact Form 7 5.3.1 Shell Upload
Exploit Title: Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload Date: 12/20/2020 Exploit Author: Ramón Vila Ferreres @ramonvfer Vendor Homepage: https://contactform7.com Software Link: https://wordpress.org/plugins/contact-form-7/ Version: 5.3.1 and below Tested on: Windows 10 190...
Spotweb 1.4.9 SQL Injection
Exploit Title: Spotweb 1.4.9 - 'search' SQL Injection Google Dork: N/A Date: 20 December 2020 Exploit Author: BouSalman Vendor Homepage: https://github.com/spotweb/spotweb Software Link: N/A Version: 1.4.9 Tested on: Ubuntu 18.04 CVE: CVE-2020-35545 GET...
Spiceworks 7.5 HTTP Header Injection
Exploit Title: Spiceworks 7.5 - HTTP Header Injection Google Dork: inurl:/prousers/login Discovered Date: 15/09/2020 Exploit Author: Ramikan Vendor Homepage: https://www.spiceworks.com Affected Version: 7.5.7.0 may be others. Tested On Version: 7.5.7.0 CVE : CVE-2020-25901 Vulnerability: Host...
Academy LMS 4.3 Cross Site Scripting
Exploit Title: Academy-LMS 4.3 - Stored XSS Date: 19/12/2020 Vendor page: https://academy-lms.com/ Version: 4.3 Tested on Win10 and Google Chrome Exploit Author: Vinicius Alves XSS Payload: "STORED XSS Scripts tag blocked 1 Access LMS and log in to admin panel 2 Access courses page 3 Open course...
Jenkins 2.251 / LTS 2.235.3 Cross Site Scripting
Exploit Title: Jenkins Stored XSS vulnerability in 'Trigger builds remotely' Date: 11/12/2020 Exploit Author: gx1 Vendor Homepage: https://www.jenkins.io/ Software Link: https://updates.jenkins-ci.org/download/war/ Version: '. To understand how remote build trigger works, have a look at this post...
Alumni Management System 1.0 Cross Site Scripting
Exploit Title: Alumni Management System 1.0 - "Course Form" Stored XSS Exploit Author: Aakash Madaan Date: 2020-12-10 Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html Software Link:...
WordPress Yet Another Stars Rating PHP Object Injection
class MetasploitModule 'WordPress PHP Object Injection in Yet Another Stars Rating plugin %q This module exploits Wordpress PHP Object Injection in Yet Another Stars Rating plugin = 5.5.2, so the exploit only works for Wordpress versions 'Paul Dannewitz', Vulnerability Discovery 'gx1 ', Exploit...
Alumni Management System 1.0 SQL Injection
Exploit Title: Alumni Management System 1.0 - 'id' SQL Injection Exploit Author: Aakash Madaan Date: 2020-12-17 Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html Software Link:...
WordPress Duplicator 1.3.26 Directory Traversal / File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Duplicator File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in...
Xeroneit Library Management System 3.1 Cross Site Scripting
Exploit Title: Xeroneit Library Management System 3.1 - "Add Book Category " Stored XSS Exploit Author: Kislay Kumar Date: 2020-12-18 Vendor Homepage: https://xeroneit.net/ Software Link: https://xeroneit.net/portfolio/library-management-system-lms Affected Version: Version 3.1 Tested on: Kali...
Alumni Management System 1.0 Shell Upload
Exploit Title: Alumni Management System 1.0 - Unrestricted File Upload To RCE Exploit Author: Aakash Madaan Date: 2020-12-17 Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html Software Link:...
Smart Hospital 3.1 Cross Site Scripting
Exploit Title: Smart Hospital 3.1 - "Add Patient" Stored XSS Exploit Author: Kislay Kumar Date: 2020-12-18 Vendor Homepage: https://smart-hospital.in/index.html Software Link: https://codecanyon.net/item/smart-hospital-hospital-management-system/23205038 Affected Version: Version 3.1 Tested on:...
Pulse Secure VPN Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pulse Secure VPN gzip RCE', 'Description' = %q The Pulse Connect Secure appliance before 9.1R9 suffers from an uncontrolled gzip extraction...
Point Of Sale System 1.0 SQL Injection
Exploit Title: Point of Sale System 1.0 - Authentication Bypass Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-17 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/9620/point-sale-system-pos.html Software Link:...
SyncBreeze 10.0.28 Denial Of Service
Exploit Title: SyncBreeze 10.0.28 - 'login' Denial of Service Poc Data: 18-Dec-2020 Exploit Author: Ahmed Elkhressy Vendor Homepage: http://www.syncbreeze.com Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv10.0.28.exe Version: 10.0.28 Tested on: Windows 7, Windows 10...
Trend Micro IWSVA CSRF / XSS / Bypass / SSRF / Code Execution
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: Trend Micro InterScan Web Security Virtual Appliance IWSVA vulnerable version: IWSVA 6.5 SP2 EN Patch 4 Build 1919 fixed versio...
Content Management System 1.0 Cross Site Scripting
Exploit Title:Content Management System 1.0 - 'First Name' Stored XSS Exploit Author: Zhayi Zeo Date: 2020-12-14 Vendor Homepage: https://www.sourcecodester.com/php/14625/content-management-system-using-phpmysqli-source-code.html Software Link:...
Library Management System 1.0 SQL Injection
Exploit Title: Authentication Bypass via SQL injection on Library Management System Date: 23/10/2020 Exploit Author: Valerio Alessandroni Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14545/online-library-management-system-phpmysqli-f...
Online Tours And Travels Management System 1.0 SQL Injection
Exploit Title: Online Tours & Travels Management System 1.0 - "id" SQL Injection Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-11 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14510/online-tours-travels-management-system-project-using-php-and-mysql.html Software...
Customer Support System 1.0 SQL Injection
Exploit Title: Customer Support System 1.0 - 'id' SQL Injection Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-11 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...
PHPJabbers Appointment Scheduler 2.3 Cross Site Scripting
Exploit Title: PHPJabbers Appointment Scheduler 2.3 - Reflected XSS Cross-Site Scripting Date: 2020-12-14 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.phpjabbers.com Software Link: https://www.phpjabbers.com/appointment-scheduler Version: 2.3 Tested on: Latest Version of Deskto...
Flexmonster Pivot Table And Charts 2.7.17 Cross Site Scripting
Exploit Title: CVE-2020-20140 : Cross Site Scripting XSS vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17 Date: 08/01/2020 Exploit Author: Marco Nappi Vendor Homepage: n/a Software Link: n/a Version:Flexmonster Pivot Table & Charts 2.7.17...
Medical Center Portal Management System 1.0 SQL Injection
Exploit Title: Medical Center Portal Management System 1.0 - 'id' SQL Injection Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-10 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14594/medical-center-portal-management-system.html Software Link:...
Dolibarr ERP-CRM 12.0.3 Remote Code Execution
Exploit Title: Dolibarr ERP-CRM 12.0.3 - Remote Code Execution Authenticated Date: 2020.12.17 Exploit Author: Yilmaz Degirmenci Vendor Homepage: https://github.com/Dolibarr/dolibarr Software Link: https://sourceforge.net/projects/dolibarr/ Version: 12.0.3 Tested on: Kali Linux 2020.2 Vulnerabilit...
WordPress Simple Social Buttons 3.1.1 Cross Site Scripting
The WordPress plugin Simple Social Buttons version 3.1.1 a.k.a. Simple Social Media Share Buttons suffers from a reflected cross-site scripting vulnerability found by Mr.F. It was fixed in version 3.2.0: https://wordpress.org/plugins/simple-social-buttons/developers HTML POC: xss poc...
Customer Support System 1.0 Cross Site Scripting
Exploit Title: Customer Support System 1.0 - "First Name" & "Last Name" Stored XSS Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-11 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...
Victor CMS 1.0 SQL Injection
Exploit Title: Victor CMS 1.0 - Multiple SQL Injection Authenticated Date: 17.12.2020 Exploit Author: Furkan Göksel Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Description: The Victor CMS v1.0...
Online Health Card System 1.0 SQL Injection
Exploit Title: Authentication Bypass via SQL injection on Online Health Care System 1.0 Date: 23/10/2020 Exploit Author: Valerio Alessandroni Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14526/online-health-care-system-php-full-source-code-...
Linksys RE6500 1.0.11.001 Remote Code Execution
Exploit Title: Linksys RE6500 1.0.11.001 - Unauthenticated RCE Date: 31/07/2020 Exploit Author: RE-Solver Public disclosure: https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html4 Vendor Homepage: www.linksys.com Version: FW V1.05 up to FW v1.0.11.001 Tested on: F...
Content Management System 1.0 SQL Injection
Exploit Title: Content Management System 1.0 - 'email' SQL Injection Exploit Author: Zhayi Zeo Date: 2020-12-14 Vendor Homepage: https://www.sourcecodester.com/php/14625/content-management-system-using-phpmysqli-source-code.html Software Link:...
Seotoaster 3.2.0 Cross Site Scripting
Exploit Title: Seotoaster 3.2.0 - Stored XSS on Edit page properties Exploit Author: Hardik Solanki Vendor Homepage: https://www.seotoaster.com/ Software Link: https://crm-marketing-automation-platforms.seotoaster.com/ Version: 3.2.0 Tested on Windows 10 XSS ATTACK: Cross-site Scripting XSS is a...
Alumni Management System 1.0 Blind SQL Injection
Exploit Title: Blind SQL injection on Alumni Management System Date: 23/10/2020 Exploit Author: Valerio Alessandroni Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-s ource-code.html Version: 1.0 Teste...
Nxlog Community Edition 2.10.2150 Denial Of Service
Exploit Title: Nxlog Community Edition 2.10.2150 - DoS Poc Date: 15/12/2020 Exploit Author: Guillaume PETIT Vendor Homepage: https://nxlog.co Software Link: https://nxlog.co/products/nxlog-community-edition/download Version: 2.10.2150 Tested on: Linux Debian 10 && Windows Server 2019...
Employee Record System 1.0 Cross Site Scripting
Exploit Title: Employee Record System 1.0 - Multiple Stored XSS Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-09 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14588/employee-record-system-phpmysqli-full-source-code.html Software Link:...
Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Solaris SunSSH PAM parseusername Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow in the Solaris PA...
Interview Management System 1.0 Cross Site Scripting
Exploit Title: Interview Management System 1.0 - Stored XSS in Add New Question Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-09 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14585/interview-management-system-phpmysqli-full-source-code.html Software Link:...