WordPress GiveWP Donation / Fundraising Platform 3.14.1 Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GiveWP Unauthenticated Donation Process Exploit', 'Description' = %q The GiveWP Donation Plugin and Fundraising Platform plugin for WordPress in...
Online Graduate Tracer System 1.0.0 Insecure Direct Object Reference
Title: Online Graduate Tracer System V 1.0.0 IDOR Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...
News Portal 4.0 Insecure Direct Object Reference
Title: News Portal v4.0 IDOR Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bits | Vendo...
eClass LMS 6.2.0 Insecure Settings / Shell Upload
Title: eClass LMS v6.2.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64 bits...
Online Bus Ticketing 1.0 Insecure Direct Object Reference
Title: Online Bus Ticketing v1.0 IDOR Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bits ...
vTiger CRM 7.4.0 Cross Site Scripting
CVE-ID:CVE-2024-44778 ------------------------------------------ Suggested description:A reflected cross-site scripting XSS vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a...
Computer Laboratory Manager 1.0 Insecure Settings
Title: LMS v1.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64 bits...
Task Management System 1.0 Cross Site Request Forgery
Title: Task Management System 1.0 CSRF add staff Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0...
pgAdmin 8.4 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'pgAdmin Binary Path API RCE', 'Description' = %q pgAdmin MSFLICENSE, 'Author' = 'M.Selim Karahan', metasploit module 'Mustafa Mutlu', lab prep. a...
SPIP 4.2.5 Code Execution
Title: SPIP 4.2.5 PHP Code execution Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 129.0.1 64 bits...
Notemark 0.13.0 Cross Site Scripting
Exploit Title: Stored XSS in NoteMark Date: 07/29/2024 Exploit Author: Alessio Romano sfoffo Vendor Homepage: https://notemark.docs.enchantedcode.co.uk/ Version: 0.13.0 and below Tested on: Linux References: https://notes.sfoffo.com/contributions/2024-contributions/cve-2024-41819,...
File Management System 1.0 SQL Injection
Title: File Management System 1.0 Sql Injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0....
Gitea 1.22.0 Cross Site Scripting
Exploit Title: Stored XSS in Gitea Date: 27/08/2024 Exploit Authors: Catalin Iovita & Alexandru Postolache Vendor Homepage: https://github.com/go-gitea/gitea Version: 1.22.0 Tested on: Linux 5.15.0-107, Go 1.23.0 CVE: CVE-2024-6886 Vulnerability Description Gitea 1.22.0 is vulnerable to a Stored...
Multi-Vendor Online Groceries Management System 1.0 Insecure Settings
Title: Multi-Vendor Online Groceries Management System v1.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 FrPro /...
Mount Carmel School 6.4.1 Insecure Settings
Title: Mount Carmel School v6.4.1 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...
SPIP 4.2.2 Code Execution
Title: SPIP 4.2.2 PHP Code execution Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 129.0.1 64 bits...
Laundry Management System 1.0 Remote File Inclusion
Title: Laundry Management System 1.0 File inclusion Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...
File Management System 1.0 Arbitrary File Upload
Title: File Management System 1.0 Arbitrary File upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefo...
MSMS-PHP 1.0 Insecure Settings
Title: MSMS-PHP v1.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64 bits...
Medical Hub Directory Site 1.0 Insecure Settings
Title: Medical Hub Directory Site v1.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0....
miniProxy 1.0.0 Remote File Inclusion
Title: miniProxy 1.0.0 File inclusion Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bits | Vendo...
Marc@TMS CMS 1.0 SQL Injection
Title: Marc@TMS cms v1.0 SQL injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bits...
Loan Management System 1.0 Remote File Inclusion
Title: Loan Management System 1.0 File inclusion Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0...
Lodging Reservation Management System 1.0 Insecure Settings
Title: LRMS v1.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64 bits...
Medical Center Portal 1.0 SQL Injection
Title: Medical Center Portal 1.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 ...
Medicine Tracker System 1.0 Insecure Settings
Title: Medicine Tracker System v1.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 6...
Login System Project 1.0 SQL Injection
Title: Login System Project 1.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 129.0.1 6...
Bang Resto 1.0 Information Disclosure
Title: Bang Resto 1.0 HTML Form in redirect page Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bit...
Employee Record Management System 1.0 SQL Injection
Title: ERMS Project 1.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 129.0.1 64 bits...
Calibre Web 0.6.21 Cross Site Scripting
Exploit Title: Stored XSS in Calibre-web Date: 07/05/2024 Exploit Authors: Pentest-Tools.com Catalin Iovita & Alexandru Postolache Vendor Homepage: https://github.com/janeczku/calibre-web/ Version: 0.6.21 - Romesa Tested on: Linux 5.15.0-107, Python 3.10.12, lxml 4.9.4 CVE: CVE-2024-39123...
Helpdeskz 2.0.2 Cross Site Scripting
Exploit Title: Stored XSS Vulnerability via File Name Google Dork: N/A Date: 08 Aug 2024 Exploit Author: Md. Sadikul Islam Vendor Homepage: https://www.helpdeskz.com/ Software Link: https://github.com/helpdesk-z/helpdeskz-dev/archive/2.0.2.zip Version: v2.0.2 Tested on: Kali Linux / Firefox...
HughesNet HT2000W Satellite Modem Password Reset
Exploit Title: HughesNet HT2000W Satellite Modem Arcadyan httpd 1.0 - Password Reset Date: 7/16/24 Exploit Author: Simon Greenblatt Vendor: HughesNet Version: Arcadyan httpd 1.0 Tested on: Linux CVE: CVE-2021-20090 import sys import requests import re import base64 import hashlib import urllib re...
Simple College Website 1.0 SQL Injection / Code Execution
Title: Simple College Website 1.0 WYSIWYG Settings Management Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla...
DETS Project 1.0 SQL Injection
Title: DETS Project 1.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 129.0.1 64 bits...
SPIP 4.2.11 Code Execution
Title: SPIP 4.2.11 PHP Code execution Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 129.0.1 64 bits ...
School Log Management System 1.0 SQL Injection / Code Execution
Title: School Log Management System 1.0 WYSIWYG Settings Management Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser:...
Invesalius 3.1 Remote Code Execution
Exploit Title: Invesalius 3.1 - Remote Code Execution RCE Discovered By: Riccardo Degli Esposti partywave, Alessio Romano sfoffo Exploit Author: Riccardo Degli Esposti partywave, Alessio Romano sfoffo Vendor Homepage: https://invesalius.github.io/ Software Link:...
Human Resource Management System 2024 1.0 Cross Site Scripting
Title: Human Resource Management System 2024 v1.0 XSS Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...
Jobs Finder System 1.0 Cross Site Scripting
Title: Jobs Finder System v1.0 XSS injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 6...
Loan Management System 1.0 SQL Injection
Title: Loan Management System 1.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3...
Aruba 501 CN12G5W0XX Remote Command Execution
Exploit Title: Remote Command Execution | Aurba 501 Date: 17-07-2024 Exploit Author: Hosein Vita Vendor Homepage: https://www.hpe.com Version: Aurba 501 CN12G5W0XX Tested on: Linux import requests from requests.auth import HTTPBasicAuth def getinputprompt, defaultvalue: userinput = inputprompt...
Biobook Social Networking Site 1.0 SQL Injection
Title: biobook Social Networking Site 1.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...
DiCal-RED 4009 Missing Authentication
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-035 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Missing Authentication for Critical Function CWE-306 Risk Level: High Solution Status: Open...
CCMS Project 1.0 SQL Injection
Title: CCMS Project 1.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 129.0.1 64 bits...
DiCal-RED 4009 Information Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-042 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Exposure of Sensitive Information to an Unauthorized Actor CWE-200 Risk Level: Medium Solution...
DiCal-RED 4009 Cryptography Failure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-038 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Use of Password Hash Instead of Password for Authentication CWE-836 Risk Level: Medium Solution...
CMSsite 1.0 Shell Upload
Title: CMSsite 1.0 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 129.0.1 64 bits ...
Ray Agent Job Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ray Agent Job RCE', 'Description' = %q RCE in Ray via the agent job submission endpoint. This is intended functionality as Ray's main purpose is...
DiCal-RED 4009 Missing Authentication
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-036 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Missing Authentication for Critical Function CWE-306 Risk Level: High Solution Status: Open...
DiCal-RED 4009 Log Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-040 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Improper Authentication CWE-287 Risk Level: High Solution Status: Open Manufacturer Notification:...