Joomla Publisher 3.0.19 Cross Site Scripting
Exploit Title: Joomla Publisher V 3.0.19 Stored XSS Date: 03.11.2020 Author: Vincent666 ibn Winnie Software Link: https://publisher.ijoomla.com/demo Tested on: Windows 10 Web Browser: Mozilla Firefox Blog : https://pentest.vincent.blogspot.com/ PoC:...
Joomla JomSocial 4.7.6 Cross Site Scripting
Exploit Title: Joomla JomSocial 4.7.6 Stored XSS Date: 03.11.2020 Author: Vincent666 ibn Winnie Software Link: https://www.jomsocial.com/demo Tested on: Windows 10 Web Browser: Mozilla Firefox,Google Chrome and Edge :Google Dorks: inurl:templates/jomsocial/ Blog :...
Processwire CMS 2.4.0 Local File Inclusion
Exploit Title: Local File Inclusion Processwire CMS 2.4.0 Vulnerability Type: Unauthenticated LFI Date: 03.11.2020 Exploit Author: Y1LD1R1M Type: WEBAPPS Platform: PHP Vendor Homepage: https://processwire.com/ Version: 2.4.0 Tested on: Kali Linux Description Local File Inclusion in Processwire CM...
Complaints Report Management System 1.0 SQL Injection / Remote Code Execution
Exploit Title: Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution Date: 3-11-2020 Exploit Author: mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14566/complaints-report-management-system-using-phpmysqli-source-code.html Software Link:...
Monitorr 1.7.6m Remote Code Execution
!/usr/bin/python -- coding: UTF-8 -- Exploit Title: Monitorr 1.7.6m - Remote Code Execution Unauthenticated Date: September 12, 2020 Exploit Author: Lyhin's Lab Detailed Bug Description:...
Multi Restaurant Table Reservation System 1.0 SQL Injection
Title: Multi Restaurant Table Reservation System - 'tableid' Unauthenticated SQL Injection Exploit Author: yunaranyancat Date: 02-11-2020 Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/tablereservation.zip Version: 1.0...
Multi Restaurant Table Reservation System 1.0 Cross Site Scripting
Exploit Title: Multi Restaurant Table Reservation System - Multiple Persistent XSS Date: 01-11-2020 Exploit Author: yunaranyancat Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/tablereservation.zip Version: 1.0...
WordPress Simple File List 5.4 Shell Upload
!/usr/bin/python -- coding: utf-8 -- Exploit Title: Wordpress Plugin Simple File List 5.4 - Arbitrary File Upload Date: 2020-11-01 Exploit Author: H4rk3nz0 based off exploit by coiffeur Original Exploit: https://www.exploit-db.com/exploits/48349 Vendor Homepage: https://simplefilelist.com/ Softwa...
Monitorr 1.7.6m Authorization Bypass
!/usr/bin/python -- coding: UTF-8 -- Exploit Title: Monitorr 1.7.6m - Authorization Bypass Date: September 12, 2020 Exploit Author: Lyhin's Lab Detailed Bug Description:...
Apache Flink 1.9.x Shell Upload
!/usr/bin/env python3 coding: utf-8 Exploit Title: Apache Flink 1.9.x - File Upload RCE Unauthenticated Google Dork: None Date: 2020.11.01 Exploit Author: bigger.wing Vendor Homepage: https://flink.apache.org/ Software Link: https://flink.apache.org/downloads.html Version: 1.9.x Tested on:...
Foxit Reader 9.7.1 Remote Command Execution
Exploit Title: Foxit Reader 9.7.1 - Remote Command Execution Javascript API Exploit Author: Nassim Asrir CVE: CVE-2020-14425. Vendor Homepage: https://www.foxitsoftware.com/ Description: Foxit Reader before 10.0 allows Remote Command Execution via the unsafe app.opencPDFWebPage JavaScript AP whic...
HealthMonitor 3.1 Unquoted Service Path
Exploit Title: HealthMonitor 3.1 - Unquoted Service Path Discovery by: yunaranyancat Discovery Date: October 2020 Vendor Homepage: https://sourceforge.net/projects/healthmonitor/ Software Link :...
Quick N Easy FTP Service 3.2 Unquoted Service Path
Exploit Title: Quick 'n Easy FTP Service 3.2 - Unquoted Service Path Discovery by: yunaranyancat Discovery Date: October 2020 Vendor Homepage: https://www.pablosoftwaresolutions.com/html/quickneasyftpservice.html Software Link : www.pablosoftwaresolutions.com/download.php?id=10 Tested Version: 3....
Cobian Backup Service Unquoted Service Path
Exploit Title: Cobian Backup Service sc qc CobianBackup11 [SC] QueryServiceConfig SUCCESS SERVICE_NAME: CobianBackup11 TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 Normal BINARY_PATH_NAME : C:\Program Files (x86)\Cobian Backup 11\cbService.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME :...
Citadel WebCit Session Hijacking
Exploit Title: Citadel WebCit 926 - Session Hijacking Exploit Exploit Author: Simone Quatrini Version: 926 !/usr/bin/env python3 import argparse import requests import time import sys from requests.packages.urllib3.exceptions import InsecureRequestWarning...
DedeCMS 5.8 Cross Site Scripting
Exploit Title: DedeCMS v.5.8 - "keyword" Cross-Site Scripting Date: 2020-07-27 Exploit Author: Noth Vendor Homepage: https://github.com/dedetech/DedeCMSv5 Software Link: https://github.com/dedetech/DedeCMSv5 Version: v.5.8 CVE : CVE-2020-27533 A Cross Site Scripting XSS issue was discovered in th...
Wondershare Dr.Fone 3.0.0 Unquoted Service Path
Exploit Title: Wondershare Dr.Fone DriverInstall.exe - "WsDrvInst" Unquoted Service Path Date: 2020-10-29 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.wondershare.com Software Link: https://drfone.wondershare.com/ Version: 3.0.0 Tested on: Microsoft Windows 7sp2 x86/x64 CVE :...
Simple College Website 1.0 Code Execution / SQL Injection
Exploit Title: Simple College Website 1.0 - SQL Injection / Remote Code Execution Date: 30-10-2020 Exploit Author: yunaranyancat Vendor Homepage: https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html Software Link:...
CSE Bookstore 1.0 Cross Site Scripting
Exploit Title: CSE Bookstore 1.0 - 'quantity' Persistent Cross-site Scripting Date: 30/10/2020 Exploit Author: Vyshnav NK Vendor Homepage: https://projectworlds.in/ Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip Version: 1.0 Tested on: Window...
Agent Tesla Botnet Cross Site Scripting
Exploit Title: Agent Tesla Botnet - Cross Site Scripting Vulnerability Google Dork: n/a Date: 29/10/2020 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: http://www.agenttesla.com/ ¡ Down ! Version: unkn0wn Tested on: Windows 10, debian 7 CVE : n/a Vuln-Code:...
Oracle WebLogic Server Remote Code Execution
!/usr/bin/python3 Exploit Title: Oracle WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 - Unauthenticated RCE via GET request Exploit Author: Nguyen Jang CVE: CVE-2020-14882 Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Software Link:...
Icewarp WebMail 11.4.5.0 Cross Site Scripting
Title: IceWarp WebMail Cross-Site Scripting Vulnerability + Date: 2020/10/25 + Author: Harun Karakış + Vendor Homepage: www.icewarp.com + Tested on: Windows 10 + Versions: 11.4.5.0 + Vulnerable Parameter: "language" Get Method + Vulnerable File: /webmail/ + Cve:CVE-2020-27982 PoC: + Go to :...
Mailman 2.1.23 Cross Site Scripting
Title: Mailman 1.x 2.1.23 - Cross Site Scripting XSS Type: Reflected XSS Software: Mailman Version: =1.x = 2.1.23 Vendor Homepage: https://www.list.org Original link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5950 POC Author: Valerio Alessandroni Date: 28/10/2020 Description:...
Point Of Sales 1.0 Cross Site Scripting
Exploit Title: Point of Sales 1.0 - Stored Cross Site Scripting Date: 2020-10-22 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14540/point-sales-phppdo-full-source-code-2020.html Software Link:...
Genexis Platinum-4410 P4410-V2-1.28 Cross Site Request Forgery
Exploit Title: Genexis Platinum-4410 P4410-V2-1.28 - Cross Site Request Forgery to Reboot Date: 10/28/2020 Exploit Author: Mohammed Farhan Vendor Homepage: https://genexis.co.in/product/ont/ Version: Platinum-4410 Software version - P4410-V2-1.28 Tested on: Windows 10 Author Contact:...
Online Examination System 1.0 Cross Site Scripting
Exploit Title: Online examination system 1.0 - 'name' Stored Cross Site Scripting Date: 29/10/2020 Exploit Author: Nikhil Kumar https://www.linkedin.com/in/nikhil-kumar-4b9443166/ Vendor Homepage: https://github.com/projectworldsofficial/online-examination-systen-in-php Software Link:...
Lot Reservation Management System 1.0 SQL Injection
Exploit Title: lot reservation management system 1.0 - Authentication Bypass Date: 2020-10-22 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14530/lot-reservation-management-system-using-phpmysqli-source-code.html Software Link:...
Lot Reservation Management System 1.0 Cross Site Scripting
Exploit Title: lot reservation management system 1.0 - Stored Cross Site Scripting Date: 2020-10-22 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14530/lot-reservation-management-system-using-phpmysqli-source-code.html Software Link:...
Nagios XI 5.7.3 Remote Command Injection
Exploit Title: Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection Authenticated Date: 10-27-2020 Vulnerability Discovery: Chris Lyne Vulnerability Details: https://www.tenable.com/security/research/tra-2020-58 Exploit Author: Matthew Aberegg Vendor Homepage:...
Gym Management System 1.0 SQL Injection
Exploit Title: Gym Management System 1.0 - Authentication Bypass Date: 21/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14541/gym-management-system-using-phpmysqli-source-code.html Software Link:...
God Kings 0.60.1 Notification Spoofing
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: God Kings Vendor URL: https://play.google.com/store/apps/details?id=com.innogames.gkandroid Type: Improper Verification of Intent by Broadcast Receiver CWE-925 Date found: 2020-09-07 Date...
CSE Bookstore 1.0 SQL Injection
Exploit Title: CSE Bookstore Authentication Bypass Date: 27/10/2020 Exploit Author: Alper Basaran Vendor Homepage: https://projectworlds.in/ Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip Version: 1.0 Tested on: Windows 10 Enterprise 1909 CSE...
Gym Management System 1.0 Cross Site Scripting
Exploit Title: Gym Management System 1.0 - Stored Cross Site Scripting Date: 21/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14541/gym-management-system-using-phpmysqli-source-code.html Software Link:...
Blueman Local Root / Privilege Escalation
Exploit Title: Local Privilege Escalation in Blueman 2.1.4 Date: 2020-10-27 Exploit Author: Vaisha Bernard vbernard - at - eyecontrol.nl Vendor Homepage: https://github.com/blueman-project/blueman Software Link: https://github.com/blueman-project/blueman Version: 2.1.4 Tested on: Ubuntu 20.04 CVE...
Program Access Controller 1.2.0.0 Unquoted Service Path
Exploit Title: Program Access Controller v1.2.0.0 - 'PACService.exe' Unquoted Service Path Date: 2020-8-25 Exploit Author: Mohammed Alshehri Vendor Homepage: https://www.gearboxcomputers.com/ Software Link: https://www.gearboxcomputers.com/files/ProgramAccessController.exe Version: 1.2.0.0 Tested...
Prey 1.9.6 Unquoted Service Path
Exploit Title: Prey 1.9.6 - "CronService" Unquoted Service Path Discovery by: Ömer Tuygun Discovery Date:16.10.2020 Vendor Homepage: https://preyproject.com/ Software Link: https://preyproject.com/download/ Tested Version: 1.9.6 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 P...
EPSON 1.124 Unquoted Service Path
Exploit Title: EPSON 1.124 - 'seksmdb.exe' Unquoted Service Path Discovery by: İsmail Önder Kaya Discovery Date: 2020-10-27 Vendor Homepage: https://www.epson.co.uk/support?productID=10820&os=22driversandmanuals Tested Version: 1.124 Vulnerability Type: Unquoted Service Path Tested on OS: Windows...
aptdaemon File Existence Disclosure
Exploit Title: File Existence Disclosure in aptdaemon " sys.exit0 FILETOCHECK = sys.argv1 bus = dbus.SystemBus aptdbusobject = bus.getobject"org.debian.apt", "/org/debian/apt" aptdbusi...
Point Of Sales 1.0 SQL Injection
Exploit Title: Point of Sales 1.0 - 'username' SQL Injection Date: 22/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14540/point-sales-phppdo-full-source-code-2020.html Software Link:...
PackageKit File Existence Disclosure
Exploit Title: File Existence Disclosure in PackageKit " sys.exit0 FILETOCHECK = sys.argv1 bus = dbus.SystemBus aptdbusobject = bus.getobject"org.freedesktop.PackageKit", "/org/freedesktop/PackageKit" aptdbusinterface = dbus.Interfaceaptdbusobject, "org.freedeskt...
IP Watcher 3.0.0.30 Unquoted Service Path
Exploit Title: IP Watcher v3.0.0.30 - 'PACService.exe' Unquoted Service Path Date: 2020-8-25 Exploit Author: Mohammed Alshehri Vendor Homepage: https://www.gearboxcomputers.com/ Software Link: https://www.gearboxcomputers.com/files/IPWatcherSetup.exe Version: 3.0.0.30 Tested on: Microsoft Windows...
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 LFI
Exploit Title: Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion Date: 2020-10-27 Exploit Author: Ivo Palazzolo @palaziv Reference: https://www.oracle.com/security-alerts/cpuoct2020.html Vendor Homepage...
Online Library Management System 1.0 Shell Upload
Exploit Title: Online Library Management System 1.0 - Arbitrary File Upload Date: 22-10-2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14545/online-library-management-system-phpmysqli-full-source-code-2020.html Software Link:...
TDM Digital Signage PC Player 4.1 Insecure File Permissions
TDM Digital Signage PC Player 4.1 Insecure File Permissions Vendor: TDM Trending Digital Marketing Product web page: https://www.tdmsignage.com https://pro.sony/enNL/products/display-software/tdm-ds1y-tdm-ds3y Affected version: 4.1.0.4 Summary: With TDM you can do a lot more than just show Digita...
Sentrifugo 3.2 Shell Upload / Restriction Bypass
Exploit Title: Sentrifugo 3.2 - File Upload Restriction Bypass Authenticated Date: 26/10/2020 Exploit Author: Gurkirat Singh Vendor Homepage: http://www.sentrifugo.com/ POC Link: https://www.exploit-db.com/exploits/47323 Version: 3.2 Tested on: Linux and Windows CVE : CVE-2019-15813 Contact...
Adtec Digital Products Hardcoded Credentials / Remote Root
Exploit Title: Adtec Digital Multiple Products - Default Hardcoded Credentials Remote Root Date: 2020-07-24 Exploit Author: LiquidWorm Software Link: https://www.adtecdigital.com / https://www.adtecdigital.com/support/documents-downloads Version: Multiple Adtec Digital Multiple Products - Default...
Sphider Search Engine 1.3.6 Remote Code Execution
Exploit Title: Sphider Search Engine 1.3.6 - 'wordupperbound' RCE Authenticated Google Dork: intitle:"Sphider Admin Login" Date: 2014-07-28 Exploit Author: Gurkirat Singh Vendor Homepage: http://www.sphider.eu/ Software Link: http://www.sphider.eu/sphider-1.3.6.zip Version: v1.3.6 Tested on:...
PDW File Browser 1.3 Cross Site Scripting
Exploit Title: PDW File Browser . The payload gets executed when any authenticated user navigates to the PDW File browser page. POST /ckeditor/plugins/pdwfilebrowser/actions.php HTTP/1.1 Host: … action=rename&newfilename=&oldfilename=script%253EFILE.txt&folder=%252Fmedia%252F&type=file Reflected...
Online Health Care System 1.0 Cross Site Scripting
Exploit Title: Online Health Care System 1.0 - Multiple Cross Site Scripting Stored Google Dork: N/A Date: 2020/10/24 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/14526/online-health-care-system-php-full-source-code-2020.html Software Link:...
Genexis Platinum-4410 Cross Site Scripting
Exploit Title: Persistent XSS in SSID Date: 10/24/2020 Exploit Author: Amal Mohandas Vendor Homepage: https://genexis.co.in/product/ont/ Version: Platinum-4410 Software version - P4410-V2-1.28 Tested on: Windows 10 Vulnerability Details ====================== Genexis Platinum-4410 Home Gateway...