50637 matches found
CS-Cart 1.3.3 Remote Code Execution
Exploit Title: CS-Cart authenticated RCE Date: 2020-09-22 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html Tested at: ver. 1.3.3 Vulnerability Type: authenticated RCE get PHP shells from http://pentestmonkey.net/tools/web-shells/php-reverse-shell edit ...
Company Visitor Management System (CVMS) 1.0 SQL Injection
Exploit Title: Company Visitor Management System CVMS 1.0 - Authentication Bypass Date: 16/10/2020 Exploit Author: Oğuz Türkgenç Vendor Homepage: https://phpgurukul.com/company-visitor-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=96...
aaPanel 6.6.6 Privilege Escalation
Exploit Title: aaPanel 6.6.6 - Authenticated Privilege Escalation Google Dork: Date: 04.05.2020 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.aapanel.com/ Software Link: https://github.com/aaPanel/aaPanel Version: 6.6.6 REQUIRED Tested on: Linux ubuntu 4.4.0-131-gener...
CS-Cart 1.3.3 Local File Inclusion
Exploit Title: CS-Cart unauthenticated LFI Date: 2020-09-22 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html Tested at: ver. 1.3.4 Vulnerability Type: unauthenticated LFI...
Alumni Management System 1.0 SQL Injection
Exploit Title: Alumni Management System 1.0 - Authentication Bypass Date: 2020-10-16 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html Software Link:...
Simple Grocery Store Sales And Inventory System 1.0 SQL Injection
Exploit Title: Simple Grocery Store Sales And Inventory System 1.0 - Authentication Bypass Date: 24/09/2020 Exploit Author: Saurav Shukla & Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14461/simple-grocery-store-sales-and-inventory-system-using-phpmysql-source-code.html...
Zoo Management System 1.0 SQL Injection
Exploit Title: Zoo Management System 1.0 - Authentication Bypass Date: 02/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://phpgurukul.com/zoo-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=12723 Version: 1.0 Tested On:...
Microsoft Windows Uninitialized Variable Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/file' require 'msf/core/exploit/exe' require 'msf/core/post/windows/priv' class MetasploitModule 'Microsoft Windows Uninitialized Variable Local...
NodeBB Forum 1.14.2 Account Takeover
Exploit Title: NodeBB Forum 1.12.2-1.14.2 - Account Takeover Date: 2020-08-18 Exploit Author: Muhammed Eren Uygun Vendor Homepage: https://nodebb.org/ Software Link: https://github.com/NodeBB/NodeBB Version: 1.12.2-1.14.2 Tested on: Linux CVE : CVE-2020-15149 -...
Guild Wars 2 Insecure Folder Permissions
Exploit Title: Guild Wars 2 - Insecure Folder Permissions Date: 2020-10-09 Exploit Author: George Tsimpidas Software Link : https://account.arena.net/welcome Version Build : 106915 Tested on: Microsoft Windows 10 Home 10.0.18362 N/A Build 18362 Category: local Vulnerability Description: Guild War...
TimeClock Software 1.01 SQL Injection
#!/usr/bin/python3 Exploit Title: TimeClock Software 1.01 Authenticated Time-Based SQL Injection Date: July 21, 2020 Exploit Author: François Bibeau Co Author: Tyler Butler, http://tbutler.org, https://twitter.com/tbutler0x90 Vendor Homepage: http://timeclock-software.net/ Software Link:...
Battle.Net 1.27.1.12428 Insecure File Permissions
Exploit Title: Battle.Net 1.27.1.12428 - Insecure File Permissions Date: 2020-10-09 Exploit Author: George Tsimpidas Software Link : https://www.blizzard.com/en-gb/download/ Battle Net Desktop Version Patch: 1.27.1.12428 Tested on: Microsoft Windows 10 Home 10.0.18362 N/A Build 18362 Category:...
berliCRM 1.0.24 SQL Injection
Exploit Title: berliCRM 1.0.24 - 'srcrecord' SQL Injection Google Dork: N/A Date: 2020-10-11 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.berlicrm.de Software Link: https://github.com/berliCRM/berlicrm/archive/1.0.24.zip Version: 1.0.24 Tested on: Kali Linux CVE : N/A ==========...
Kentico CMS 9.0-12.0.49 Cross Site Scripting
Exploit Title: Kentico CMS 9.0-12.0.49 - Persistent Cross Site Scripting Exploit Author: Ataberk YAVUZER CVE: CVE-2019-19493 Type: Webapps Vendor Homepage: https://www.kentico.com/ Version: 9.0-12.0.49 Date: 29-11-2019 CVE Details: https://nvd.nist.gov/vuln/detail/CVE-2019-19493 Details Persisten...
DynPG 4.9.1 Cross Site Scripting
Exploit Title: DynPG 4.9.1 - Persistent Cross-Site Scripting Authenticated Date: 2020-10-09 Exploit Author: Enes Özeser Vendor Homepage: https://dynpg.org/ Version: 4.9.1 Tested on: Windows & XAMPP == Tutorial alert"XSS"; == HTTP Request alert"XSS";...
Sage DPW 2020_06_000 / 2020_06_001 XSS / File Upload
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected Cross-Site Scripting and Unauthenticated Malicious File Upload product: Sage DPW vulnerable version: 202006000 & 202006001 fixed version: 202006002 CVE number:...
openMAINT 1.1-2.4.2 Arbitrary File Upload
Exploit Title: openMAINT 1.1-2.4.2 - Arbitrary File Upload Dork: N/A Date: 2020-08-19 Exploit Author: mrb3n Vendor Homepage: https://www.openmaint.org/en Software Link: https://sourceforge.net/projects/openmaint/files/1.1/openmaint-1.1-2.4.2.zip/download Version: 1.1-2.4.2 Category: Webapps Teste...
SEO Panel 4.6.0 Remote Code Execution
Exploit Title: SEO Panel 4.6.0 - Remote Code Execution Google Dork: N/A Date: 2020-10-03 Exploit Author: Kiko Andreu kikoas1995 & Daniel Monzón stark0de Vendor Homepage: https://seopanel.org/ Software Link: https://www.seopanel.org/spdownload/4.6.0 Version: 4.6.0 Tested on: Kali Linux x64 5.4.0 C...
Cisco ASA / FTD 9.6.4.42 Path Traversal
Exploit Title: Cisco ASA and FTD 9.6.4.42 - Path Traversal Date: 2020-10-10 Exploit Author: 3ndG4me Vendor: www.cisco.com Product: https://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.html CVE : CVE-2020-3452 TARGET=$1 CISCOKNOWNFILES="logo.gif httpauth.html userdialog.htm...
Online Student's Management System SQL Injection
Title: Online Student's Management System - Unauthenticated Multiple SQL Injections Exploit Author: George Tsimpidas Date: 2020-10-09 Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/studentrecord0.zip Tested on: Ubuntu...
Garfield Petshop 2020-10-01 Cross Site Request Forgery
#!/usr/bin/perl Garfield Petshop Add-Admin Exploit By Ramdan Yantu rysec.io \ bastardlabs.info From Gorontalo - Indonesia Mail: ramdanyantuatgmail.com Application by Gamma Advertisa Link: https://detapos.co/ | https://demo.detapos.co.id/petshop CVE: CVE-2020-26522 use strict; use warnings; use...
Atlassian Products Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Cross-Site Scripting Vulnerabilities products: PlantUML, Refined Toolkit for Confluence, Linking for Confluence, Countdown Timer, Server Status vulnerable...
Twitter Analytics Open Redirect
================================================================================ Twitter Analytics Open Redirect Vulnerability ================================================================================ Credit by Asheesh Anaconda Description An open redirect vulnerability exists in Twitter...
Seat Reservation System 1.0 Cross Site Scripting
Exploit Title: Seat Reservation System 1.0 Persistent Cross-Site Scripting Date: 10-08-2020 Exploit Author: George Tsimpidas Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php0.zip Version:...
D-Link DSR-250N Denial Of Service
Advisory: Denial of Service in D-Link DSR-250N RedTeam Pentesting discovered a Denial-of-Service vulnerability in the D-Link DSR-250N device which allows unauthenticated attackers in the same local network to execute a CGI script which reboots the device. Details ======= Product: D-Link DSR-250N...
Karel IP Phone IP1211 Web Management Panel Directory Traversal
Exploit Title: Karel IP Phone IP1211 Web Management Panel - Directory Traversal Exploit Author: Berat Gokberk ISLER Date: 2020-09-01 CVE: N/A Type: Webapps Vendor Homepage: https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon Version: IP1211 Details Directory traversal vulnerability on the Karel...
Liman 0.7 Cross Site Request Forgery
Exploit Title: Liman v0.7 - Cross-Site Request Forgery CSRF Date: 27-03-2018 Exploit Author: George Tsimpidas Software Link : https://github.com/salihciftci/liman/releases/tag/v0.7 Version: 0.7 Tested on: 18.04.5 LTS Bionic Beaver Category: Webapp 1. Description:- There is no CSRF protection in...
BACnet Test Server 1.01 Remote Denial Of Service
#!/usr/bin/perl BACnet Test Server 1.01 Remote Denial of Service Exploit Vendor: BACnet Interoperability Test Services, Inc. Product web page: https://www.bac-test.com https://sourceforge.com/projects/bacnetserver Affected version: 1.01 BACnet Stack Version 0.5.7 Summary: This is a simple BACnet...
Textpattern CMS 4.6.2 Cross Site Scripting
Exploit Title: Textpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting Exploit Author: Alperen Ergel Web Site: https://alperenae.gitbook.io/ Software Homepage: https://textpattern.com/ Version : 4.6.2 Tested on: windows 10 / xammp Category: WebApp Google Dork: intext:"Published with...
EasyPMS 1.0.0 Authentication Bypass
Exploit Title: EasyPMS 1.0.0 - Authentication Bypass Discovery by: Jok3r Vendor Homepage: https://www.elektraweb.com/en/ Software Link: https://github.com/Travelaps/EasyPMS/releases/ Tested Version: 1.0.0 Vulnerability Type: Authentication Bypass Tested on OS: Windows Server 2012 Description:...
EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse
#!/usr/bin/env python3 # -*- coding: utf-8 -*- EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse Vendor: Embedthis Software LLC Product web page: https://www.embedthis.com Affected version: =5.1.2 and =4.1.3 Summary: GoAhead is the world's most popular, tiny embedded...
Krpano Panorama Viewer 1.20.8 Cross Site Scripting
Exploit Title: XSS in krpano Panorama Viewer Google Dork: inurl:krpano.html Date: 10/05/2020 Exploit Author: Adriano Marcio Monteiro @adrianomarcmont Exploit Author Site: https://www.brztec.com Exploit Author E-mail: [email protected] Exploit Author Packetstorm Bio:...
SpamTitan 7.07 Remote Code Execution
Exploit Title: SpamTitan 7.07 - Unauthenticated Remote Code Execution Date: 2020-09-18 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.titanhq.com/spamtitan/spamtitangateway/ Software Link: https://www.titanhq.com/signup/?producttype=spamtitangateway Version: 7.07 Tested on:...
Restaurant Reservation System 1.0 SQL Injection
Exploit Title: Restaurant Reservation System 1.0 - 'date' SQL Injection Authenticated Date: 2020-10-05 Exploit Author: b1nary Vendor Homepage: https://www.sourcecodester.com/php/14482/restaurant-reservation-system-php-full-source-code-2020.html Software Link:...
Student Result Management System 1.0 SQL Injection
Exploit Title: Student Result Management System 1.0 - Multiple SQL Injection Vulnerabilities Date: 2020-10-02 Exploit Author: b1nary Vendor Homepage: https://projectworlds.in/free-projects/php-projects/student-result-management-system-project-in-php/ Software Link:...
Photo Share Website 1.0 Cross Site Scripting
Exploit Title: Photo Share Website 1.0 - Persistent Cross-Site Scripting Date: 2020-09-30 Exploit Author: Augkim Vendor Homepage: https://www.sourcecodester.com/php/14478/photo-share-website-using-phpmysql-source-code.html Software Link:...
MedDream PACS Server 6.8.3.751 Remote Code Execution
#!/usr/bin/python Exploit Title: MedDream PACS Server 6.8.3.751 - Remote Code Execution Authenticated Exploit Author: bzyo Twitter: @bzyo Exploit Title: MedDream PACS Server 6.8.3.751 - Remote Code Execution Authenticated Date: 2020-10-01 Vulnerable Software:...
Checkmk 1.6.0p16 Local Privilege Escalation
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Checkmk Vendor: tribe29 GmbH CSNC ID: CSNC-2020-005 Subject: Local Privilege Escalation Risk: High Effect: Locally exploitable Authors: Thierry Viaccoz Date: 21.09.2020 Introduction: ------------- Checkmk 1 i...
Platinum Mobile 1.0.4.850 Authorization Bypass
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Broken Access Control product: Platinum Mobile vulnerable version: 1.0.4.850 fixed version: 1.0.4.851 CVE number: - impact: critical homepage:...
MailDepot 2032 SP2 (2.2.1242) Authorization Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2019-048 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Versions: 2032 SP2 2.2.1242 Tested Versions: 2032 SP2 2.2.1242 Vulnerability Type: Improper Authorization CWE-285 Risk Level: High Solution Status: Fixed Manufacturer...
FusionAuth-SAMLv2 0.2.3 Message Forging
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: SAML v2.0 bindings in Java using JAXB Vendor: FusionAuth CSNC ID: CSNC-2020-002 CVE ID: CVE-2020-12676 Subject: Signature Exclusion Attack Risk: High Effect: Remotely exploitable Author: Felix Sieges Date:...
Safari Type Confusion / Sandbox Escape
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Safari in Operator Side Effect Exploit', 'Description' = %q This module exploits an incorrect side-effect modeling of the 'in' operator. The DFG...
WebsiteBaker 2.12.2 SQL Injection
Exploit Title: WebsiteBaker 2.12.2 - 'displayname' SQL Injection authenticated Google Dork: - Date: 2020-09-20 Exploit Author: Roel van Beurden Vendor Homepage: https://websitebaker.org Software Link: https://wiki.websitebaker.org/doku.php/en/downloads Version: 2.12.2 Tested on: Linux Ubuntu 18.0...
GetSimple CMS 3.3.16 Cross Site Scripting
Exploit Title: GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting Authenticated Google Dork: - Date: 2020-09-29 Exploit Author: Roel van Beurden Vendor Homepage: http://get-simple.info Software Link: http://get-simple.info/download Version: 3.3.16 Tested on: Linux Ubuntu 18.04 CVE: N/A 1...
SpinetiX Fusion Digital Signage 3.4.8 Path Traversal
SpinetiX Fusion Digital Signage 3.4.8 File Backup/Delete Path Traversal Vendor: SpinetiX AG Product web page: https://www.spinetix.com Affected version: = 3.4.8 1.0.36274 Summary: At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage ...
MonoCMS Blog 1.0 File Deletion / CSRF / Hardcoded Credentials
Exploit Title: MonoCMS Blog 1.0 - Arbitrary File Deletion Authenticated Date: 2020-09-20 Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: https://monocms.com/download Software Link: https://monocms.com/download Version: 1.0 Tested On: Windows 10 XAMPP CVE: N/A Proof of...
SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration
SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration Weakness Vendor: SpinetiX AG Product web page: https://www.spinetix.com Affected version: Username...
SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure
SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure Vendor: SpinetiX AG Product web page: https://www.spinetix.com Affected version: = 3.4.8 1.0.36274 Summary: At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a...
Typesetter CMS 5.1 Cross Site Scripting
Exploit Title: Typesetter CMS 5.1 - 'Site Title' Persistent Cross-Site Scripting Exploit Author: Alperen Ergel Web Site: https://alperenae.gitbook.io/ Contact: @alperenae IG @alprenae TW Software Homepage: https://www.typesettercms.com/ Version : 5.1 Tested on: windows 10 / xammp Category: WebApp...
SpinetiX Fusion Digital Signage 3.4.8 Cross Site Request Forgery
SpinetiX Fusion Digital Signage 3.4.8 CSRF Add Admin Exploit Vendor: SpinetiX AG Product web page: https://www.spinetix.com Affected version: history.pushState'', '', '/index.php?r=settings/settings' form action="http://192.168.1.1/fusion/index.php?r=users/create...