XenForo 2.1.10 Patch 2 Cross Site Scripting

Exploit Title: XenForo v2.1.10 Patch 2 Stored XSS Date:16.08.2020 Author: Vincent666 ibn Winnie Software Link: https://xenforo.com/demo/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog :https://pentest-vincent.blogspot.com/ PoC...

WordPress Colorbox Lightbox 1.1.2 Cross Site Scripting

Exploit Title: WordPress Colorbox Lightbox Plugin v1.1.2 - Persistent Cross-Site Scripting Date: 2020-08-14 Vendor Homepage: https://noorsplugin.com/ Vendor Changelog:https://wordpress.org/plugins/wp-colorbox/ /developers Exploit Author: Melbin K Mathew @melbinkm Author Advisory:...

Bludit 3.9.2 Authentication Bruteforce Mitigation Bypass

!/usr/bin/env ruby Title: Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass Author: noraj Alexandre ZANNI Author website: https://pwn.by/noraj/ Date: 2020-08-16 Vendor Homepage: https://www.bludit.com/ Software Link: https://github.com/bludit/bludit/archive/3.9.2.tar.gz Version: = 3.9.2...

WordPress NextGen Gallery Sell Photo 1.0.5 Cross Site Scripting

Exploit Title: Wordpress Plugin NextGen Gallery Sell Photo 1.0.5 - Persistent Cross-Site Scripting Date: 2020-08-14 Vendor Homepage: https://noorsplugin.com/ Vendor Changelog: https://wordpress.org/plugins/nextgen-gallery-sell-photo/developers Exploit Author: Melbin K Mathew @melbinkm Author...

Wordpress Easy Media Download 1.1.4 Cross Site Scripting

Exploit Title: Wordpress Easy Media Download v1.1.4 - Persistent Cross-Site Scripting Date: 2020-08-14 Vendor Homepage: https://noorsplugin.com/ Vendor Changelog: https://wordpress.org/plugins/easy-media-download/developers Exploit Author: Melbin K Mathew @melbinkm Author Advisory:...

WordPress Sell Photo 1.0.5 Cross Site Scripting

Exploit Title: Sell Photo Wordpress Plugin v1.0.5 - Persistent Cross-Site Scripting Date: 2020-08-14 Vendor Homepage: https://noorsplugin.com/ Vendor Changelog: https://wordpress.org/plugins/sell-photo/developers Exploit Author: Melbin K Mathew @melbinkm Author Advisory:...

Artica Proxy 4.3.0 Authentication Bypass

Exploit Title: Artica Proxy 4.3.0 - Authentication Bypass Google Dork: N/A Date: 2020-08-13 Exploit Author: Dan Duffy Vendor Homepage: http://articatech.net/ Software Link: http://articatech.net/download2x.php?IsoOnly=yes Version: 4.30.00000000 REQUIRED Tested on: Debian CVE : CVE-2020-17506 impo...

Safari Webkit For iOS 7.1.2 JIT Optimization Bug

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Safari Webkit JIT Exploit for iOS 7.1.2', 'Description' = %q This module exploits a JIT optimization bug in Safari Webkit. This allows us to writ...

QiHang Media Web Digital Signage 3.0.9 Remote Code Execution

function uploadShellPoC var xhr = new XMLHttpRequest; xhr.open"POST", "http://192.168.1.74:8090/QH.aspx", true; xhr.setRequestHeader"Content-Type", "multipart/form-data; boundary=----WebKitFormBoundaryhbcZX7o0Hw19h3kr"; xhr.setRequestHeader"Acc...

QiHang Media Web Digital Signage 3.0.9 Arbitrary File Deletion

QiHang Media Web QH.aspx Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion Vendor: Shenzhen Xingmeng Qihang Media Co., Ltd. Guangzhou Hefeng Automation Technology Co., Ltd. Product web page: http://www.howfor.com Affected version: 3.0.9.0 Summary: Digital Signage Software. Desc: Input...

Car Rental Script Cross Site Scripting

==================================================================== Car Rental Script - Stored XSS ==================================================================== .:. Author : Yussef Dajdaj .:. Contact : .:. Vendor : https://projectworlds.in/ .:. Script :...

vBulletin 5.6.2 Cross Site Scripting

Exploit Title: vBulletin 5.6.2 Cross Site Scripting Date:12.08.2020 Author: Vincent666 ibn Winnie Software Link: https://www.vbulletin.com/en/features/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog : https://pentest-vincent.blogspot.com/ PoC:...

Online Shopping System SQL Injection

==================================================================== Online Shopping System project in PHP - SQL injection ==================================================================== .:. Author : Yussef Dajdaj .:. Contact : F1nd M3 .:. Vendor : https://projectworlds.in/ .:. Script :...

QiHang Media Web Digital Signage 3.0.9 Arbitrary File Disclosure

QiHang Media Web QH.aspx Digital Signage 3.0.9 Arbitrary File Disclosure Vulnerability Vendor: Shenzhen Xingmeng Qihang Media Co., Ltd. Guangzhou Hefeng Automation Technology Co., Ltd. Product web page: http://www.howfor.com Affected version: 3.0.9.0 Summary: Digital Signage Software. Desc: The...

Car Rental Script SQL Injection

==================================================================== Car Rental Script - Time-based blind SQL injection ==================================================================== .:. Author : Yussef Dajdaj .:. Contact : .:. Vendor : https://projectworlds.in/ .:. Script :...

QiHang Media Web Digital Signage 3.0.9 Credential Disclosure

QiHang Media Web QH.aspx Digital Signage 3.0.9 Cleartext Credentials Disclosure Vendor: Shenzhen Xingmeng Qihang Media Co., Ltd. Guangzhou Hefeng Automation Technology Co., Ltd. Product web page: http://www.howfor.com Affected version: 3.0.9.0 Summary: Digital Signage Software. Desc: The...

Online Book Store Cross Site Scripting

==================================================================== Online Book Store project in PHP Mysql - Persistent XSS ==================================================================== .:. Author : Yussef Dajdaj .:. Contact : .:. Vendor : https://projectworlds.in/ .:. Script :...

CMS Made Simple 2.2.14 Shell Upload

Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated Google Dork: - Date: 2020-07-29 Exploit Author: Roel van Beurden Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/14793/cmsms-2.2.14-install.zip Version: 2.2.14 Tested...

vBulletin 5.x Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.x /ajax/render/widgettabbedcontainertabpanel PHP remote code execution.', 'Description' = %q This module exploits a logic bug within...

GetSimple CMS Multi User 1.8.2 Cross Site Request Forgery

Exploit Title: GetSimple CMS Plugin Multi User v1.8.2 - Cross-Site Request Forgery Delete Admin/User Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: August 12, 2020 Vendor Homepage: http://get-simple.info/extend/plugin/multi-user/133/ Software Link:...

QiHang Media Web Digital Signage 3.0.9 Password Disclosure

QiHang Media Web QH.aspx Digital Signage 3.0.9 Cookie User Password Disclosure Vendor: Shenzhen Xingmeng Qihang Media Co., Ltd. Guangzhou Hefeng Automation Technology Co., Ltd. Product web page: http://www.howfor.com Affected version: 3.0.9.0 Summary: Digital Signage Software. Desc: The applicati...

Online Book Store SQL Injection

==================================================================== Online Book Store project in PHP Mysql - SQL injection ==================================================================== .:. Author : Yussef Dajdaj .:. Contact : .:. Vendor : https://projectworlds.in/ .:. Script :...

SugarCRM SQL Injection

SugarCRM $user, "password" = $pass, "granttype" = "password", "clientid" = "sugar"; curlsetopt$ch, CURLOPTURL, "$urlrest/v10/oauth2/token"; curlsetopt$ch, CURLOPTPOST, true; curlsetopt$ch, CURLOPTPOSTFIELDS, jsonencode$params; curlsetopt$ch, CURLOPTHTTPHEADER, "Content-Type: application/json";...

Avian JVM 1.2.0 Silent Return

Vulnerability title: Avian JVM vm::arrayCopy silent return on negative length Author: Pietro Oliva CVE: CVE-2020-17361 Vendor: ReadyTalk Product: Avian JVM Affected version: 1.2.0 Description: The issue is located in the vm::arrayCopy method defined in classpath-common.h, where multiple boundary...

SugarCRM Cross Site Scripting

SugarCRM 10.1.0 Multiple Reflected Cross-Site Scripting Vulnerabilities • Software Link: https://www.sugarcrm.com/ • Affected Versions: All versions prior to 10.1.0 Q3 2020. • Vulnerabilities Description: 1 User input passed through the “do” parameter when action is set to “metadata” is not...

Avian JVM 1.2.0 Integer Overflow

Vulnerability title: Avian JVM vm::arrayCopy Multiple Integer Overflows Author: Pietro Oliva CVE: CVE-2020-17360 Vendor: ReadyTalk Product: Avian JVM Affected version: 1.2.0 Description: The issue is located in the vm::arrayCopy method defined in classpath-common.h, where multiple boundary checks...

Fuel CMS 1.4.7 SQL Injection

Exploit Title: Fuel CMS 1.4.7 - 'col' SQL Injection Authenticated Google Dork: - Date: 2020-08-01 Exploit Author: Roel van Beurden Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.7.zip Version: 1.4.7 Tested on: Linux Ubuntu 18.04...

vBulletin 5.x Remote Code Execution

!/usr/bin/env python3 vBulletin 5.x pre-auth widgettabbedContainer RCE exploit by @zenofex import argparse import requests import sys def runexploitvbloc, shellcmd: postdata = 'subWidgets0template' : 'widgetphp', 'subWidgets0configcode' : "echo shellexec'%s'; exit;" % shellcmd r =...

Travel Management System 1.0 Remote Code Execution

Exploit Title: Travel Management System v1.0 - Unauthenticated Remote Code Execution Exploit Author: Adeeb Shah @hyd3sec & Bobby Cooke boku Vulnerability Discovery: Adeeb Shah @hyd3sec Date: August 10, 2020 Vendor Homepage: https://projectworlds.in/ Software Link:...

vBulletin 5.x Remote Code Execution

!/bin/bash vBulletin widgettabbedcontainertabpanel 5.x 0day by @Zenofex Usage ./exploit Urlencode cmd CMD=echo $2|perl -MURI::Escape -ne 'chomp;print uriescape$,"\n"' Send request curl -s $1/ajax/render/widgettabbedcontainertabpanel -d...

Travel Management System 1.0 SQL Injection

Exploit Title: Travel Management System v1.0 - SQLi Authentication Bypass Exploit Author: Adeeb Shah @hyd3sec and Bobby Cooke boku Date: August 10, 2020 Vendor Homepage: https://www.projectsworld.in Software Link: https://projectworlds.in/wp-content/uploads/2019/06/travel.zip Version: 1.0 Tested...

Cisco 7937G Privilege Escalation

Exploit Title: Cisco 7937G Prvilege Escalation MSF Module Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: ', 'type': 'cve', 'ref': '2020-', 'type': 'edb', 'ref': '' , 'type': 'singlescanner', 'options': 'rhost': 'type': 'address', 'description': 'Target...

Cisco 7937G Denial Of Service

CVE-2020-16138.py: Exploit Title: Cisco 7937G DoS 2 MSF Module Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: ', 'type': 'cve', 'ref': '2020-', 'type': 'edb', 'ref': '' , 'type': 'dos', 'options': 'rhost': 'type': 'address', 'description': 'Target address...

ManageEngine ADSelfService Plus 6000 Remote Code Execution

Exploit Title: ManageEngine ADSelfService Plus 6000 – Unauthenticated Remote Code Execution Date: 2020-08-08 Exploit Author: Bhadresh Patel Vendor link: https://www.manageengine.com/company.html Version: ADSelfService Plus build 6003 CVE : CVE-2020-11552 This is an article with PoC exploit video ...

Orion Application Server 1.5.2b Cross Site Scripting

Orion Application Server - Cross Site Scripting Tested on: Orion Application Server 1.5.2b Date: Ago 09, 2020 Informer: Pablo Rebolini - Cross Site Scripting Poc: GET http://x.x.x.x/%3Cscript%3Ealert%22xss'ed%22%3C/script%3E Dork: "Orion Application Server" "up and running"...

Tailor MS 1.0 Cross Site Scripting

Exploit Title: Tailor MS v1.0 - Reflected XSS Key Logger Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: August 9th, 2020 Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/Warren%20Daloyan/tailor.zip Version: 1....

Warehouse Inventory System 1.0 Cross Site Request Forgery

Exploit Title: Warehouse Inventory System - Cross-Site Request Forgery CSRF - Change Admin Password Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: August 9th, 2020 Vendor Homepage: https://oswapp.com Software Link:...

House Rental 1.0 SQL Injection

Exploit Title: House Rental v1.0 - PDO Bypass SQL Injection - Unauthenticated Code Execution - Change Admin Password Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: 2020-08-07 Vendor Homepage: https://projectworlds.in Software Link:...

BarracudaDrive 6.5 Local Privilege Escalation

Exploit Title: BarracudaDrive v6.5 - User-System - Local Privilege Escalation Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: 08-08-2020 Vendor Homepage: https://barracudaserver.com/ Software Link: https://download.cnet.com/BarracudaDrive/3001-185064-10723210.html Version: v6.5 Teste...

Cisco 7937G All-In-One Exploiter

Exploit Title: Cisco 7937G All-In-One Exploiter Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: =SIP-1-4-5-7 Tested On: SIP-1-4-5-5, SIP-1-4-5-7 CVE: CVE-2020-16139, CVE-2020-16138, CVE-2020-16137 !/usr/bin/python import sys import getopt import requests...

BarcodeOCR 19.3.6 Unquoted Service Path

Exploit Title: BarcodeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path Discovery Date: 2020-07-31 Response from BarcodeOCR Support: 08/03/2020 Exploit Author: Daniel Bertoni Vendor Homepage: https://www.barcode-ocr.com/ Version: 19.3.6 Tested on: Windows Server 2016, Windows 10 Find the Unquoted...

flatCore CMS 1.5.5 Cross Site Scripting / Arbitrary File Upload

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: flatCore CMS vulnerable version: =1.5.5 fixed version: 1.5.7 CVE number: - impact: High homepage: https://flatcore.org/ found: 2020-03-2...

CodeMeter 6.60 Unquoted Service Path

Exploit Title: CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2020-08-05 Vendor Homepage: https://www.wibu.com/us/products/codemeter/runtime.html Tested Version: 6.60 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es...

Car Rental Management System 1.0 Cross Site Scripting

Exploit Title: Car Rental Management System v1.0 - Unauthenticated Persistent XSS Session Harvester Exploit Author: Bobby Cooke Date: August 6, 2020 Vendor Homepage: https://projectworlds.in Software Link: https://github.com/projectworlds32/Car-Rental-Syatem-PHP-MYSQL/archive/master.zip Version:...

Tailor Management System 1.0 SQL Injection

Exploit Title: Tailor Management System 1.0 Multiple SQL Injection Vulnerabilities Google Dork: N/A Date: 06.08.2020 Exploit Author: Mucahit Karadag Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14378/tailor-management-system-php-mysql.html...

Curfew e-Pass Management System 1.0 SQL Injection

Exploit Title: Curfew e-Pass Management System 1.0 Multiple SQL Injection Vulnerabilities Google Dork: N/A Date: 04.08.2020 Exploit Author: Mucahit Karadag Vendor Homepage: https://products.phpgurukul.com/product/curfew-e-pass-management-system-project-report/ Software Link:...

Victor CMS 1.0 SQL Injection

Exploit Title: Victor CMS 1.0 - 'Search' SQL Injection Vulnerabilty Date: 2020-8-4 Exploit Author: Edo Maland Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: XAMPP / Windows 10...

Online Shopping Alphaware 1.0 Arbitrary File Upload

Exploit Title: Online Shopping Alphaware 1.0 - Arbitrary File Upload Authenticated Date: 2020-8-4 Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...

QlikView 12.50.20000.0 Denial Of Service

Exploit Title: QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2020-08-03 Vendor Homepage: https://www.qlik.com Software Link: https://www.qlik.com/us/trial/qlik-sense-business Tested Version: 12.50.20000.0 Vulnerability Type: Denial...

Daily Expenses Management System 1.0 Cross Site Scripting

Exploit Title: Daily Expenses Management System 1.0 - Multiple Persistent Cross-Site Scripting Date: 2020-8-4 Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html Software Link:...