Qognify VMS Client Viewer 7.1 DLL Hijacking

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation via DLL Hijacking product: Qognify VMS Client Viewer vulnerable version: =7.1 fixed version: see solution CVE number: CVE-2023-49114 impact:...

Boss Mini 1.4.0 Local File Inclusion

Exploit Title: Boss Mini 1.4.0 - local file inclusion Date: 07/12/2023 Exploit Author: nltt0 https://github.com/nltt-br CVE: CVE-2023-3643 ''' / \ | | / | | / / | | \ --. | | / | |/ | ' \ / |/ / | --. \ | /\ | | | | | | | | | | \ // / /,||,|| ||, |/|// / | |/ ''' from requests import...

Multilaser RE160V / RE160 URL Manipulation Access Bypass

=====Tempest Security Intelligence - Security Advisory - CVE-2023-38945======= Access Control Bypass in Multilaser routers' Web Management Interface Author: Vinicius Moraes =====Table of Contents======================================================== 1. Overview 2. Detailed description 3. Other...

GL.iNet AR300M 3.216 Remote Code Execution

!/usr/bin/env python3 Exploit Title: GL.iNet = 3.216 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...

XAMPP 5.6.40 SQL Injection

Exploit Title: XAMPP - Error Based SQL Injection Date: 02/2024 Exploit Author: Andrey Stoykov Version: 5.6.40 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com Steps to Reproduce: 1. Login to phpmyadmin 2. Visit Export New Template test Create 3. Navigate to "Existing Templates" 4...

GL.iNet AR300M 4.3.7 Arbitrary File Write

!/usr/bin/env python3 Exploit Title: GL.iNet = 4.3.7 Arbitrary File Write Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...

Petrol Pump Management Software 1.0 Cross Site Scripting

Exploit Title: Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 Date: 01-03-2024 Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html...

Employee Management System 1.0-2024 SQL Injection

Title: employeeakpoly-management-system-1.0-2024 Multiple-SQLi Author: nu11secur1ty Date: 03/01/2024 Vendor: https://www.sourcecodester.com/users/walterjnr1 Software: https://www.sourcecodester.com/php/16999/employee-management-system.html Reference:...

Wallos Shell Upload

Exploit Title: Wallos - File Upload RCE Authenticated Date: 2024-03-04 Exploit Author: [email protected] Vendor Homepage: https://github.com/ellite/Wallos Software Link: https://github.com/ellite/Wallos Version: 1.11.2 Tested on: Debian 12 Wallos allows you to upload an image/logo when you create...

BoidCMS 2.0.1 Cross Site Scripting

Exploit Title: Multiple XSS Issues in boidcmsv2.0.1 Date: 3/2024 Exploit Author: Andrey Stoykov Version: 2.0.1 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com XSS via SVG File Upload Steps to Reproduce: 1. Login with admin user 2. Visit "Media" page 3. Upload xss.svg 4. Click "View"...

TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation

Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC + twitter.com/striv3r Vendor Tp-Link http://tp-link.com Product JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201 Vulnerability Type Improper Access Control Affected Product Code Base JetStream Smart Switch - TL-SG2210P...

Multilaser RE160 Cookie Manipulation Access Bypass

=====Tempest Security Intelligence - Security Advisory - CVE-2023-38946======= Access Control Bypass in Multilaser router's Web Management Interface Author: Vinicius Moraes =====Table of Contents======================================================== 1. Overview 2. Detailed description 3. Other...

Simple Student Attendance System 1.0 SQL Injection

Exploit Title: Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection Date: 26 December 2023 Exploit Author: Gnanaraj Mauviel @0xm3m Vendor: oretnom23 Vendor Homepage:...

Petrol Pump Management System 1.0 Shell Upload

Exploit Title: File Upload Remote Code Execution RCE in Petrol Pump Management Software v.1.0 Date: 01-03-2024 Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html...

Easywall 0.3.1 Remote Command Execution

Exploit Title: Easywall 0.3.1 - Authenticated Remote Command Execution Date: 30-11-2023 Exploit Author: Melvin Mejia Vendor Homepage: https://jpylypiw.github.io/easywall/ Software Link: https://github.com/jpylypiw/easywall Version: 0.3.1 Tested on: Ubuntu 22.04 import requests, json, urllib3...

Real Estate Management System 1.0 Shell Upload

Exploit Title: Real Estate Management System v1.0 - Remote Code Execution via File Upload Date: 2/11/2024 Exploit Author: Diyar Saadi Vendor Homepage: https://codeastro.com Version: V1.0 Tested on: Windows 11 + XAMPP 8.0.30 + Burp Suite Professional v2023.12.1.3 Description This Vulnerability all...

Multilaser RE160V Header Manipulation Access Bypass

[email protected] Status: RO Content-Length: 5433 Lines: 153 =====Tempest Security Intelligence - Security Advisory - CVE-2023-38944======= Access Control Bypass in Multilaser routers' Web Management Interface Author: Vinicius Moraes =====Table of...

Enrollment System 1.0 SQL Injection

Exploit Title: Enrollment System v1.0 - SQL Injection Date: 27 December 2023 Exploit Author: Gnanaraj Mauviel @0xm3m Vendor: Obi08 Vendor Homepage: https://github.com/Obi08/EnrollmentSystem Software Link: https://github.com/Obi08/EnrollmentSystem Version: v1.0 Tested on: Mac OSX, XAMPP, Apache,...

TPC-110W Missing Authentication

include include include include include include int mainint argc, char argv int sock; struct sockaddrin servaddr; char command512; sock = socketAFINET, SOCKSTREAM, 0; if sock 0 perror"socket"; exit1; memset&servaddr, '0', sizeofservaddr; servaddr.sinfamily = AFINET; servaddr.sinport = htons8888; ...

A-PDF All To MP3 Converter 2.0.0 Overflow

!/usr/bin/python Exploit Title: A-PDF All to MP3 Converter 2.0.0 - DEP Bypass with HeapCreate + HeapAlloc + somememorycopyfunction ROP chain Date: 16 November 2023 Exploit Author: George Washington Vendor Homepage: http://www.a-pdf.com/all-to-mp3/download.htm Software Link:...

SumatraPDF 3.5.2 DLL Hijacking

SumatraPDF 3.5.2 DLL Hijack Exploit Title: Sumatra PDF 3.5.2 DLL Hijack Date: 03.03.2024 Exploit Author: Krishna Vamshi Katta Rokkaiah Vendor Homepage: https://www.sumatrapdfreader.org/free-pdf-reader Software Link: https://www.sumatrapdfreader.org/download-free-pdf-viewer Version: 3.5.2 Tested o...

AC Repair And Services System 1.0 SQL Injection

Exploit Title: AC Repair and Services System v1.0 - Multiple SQL Injection Date: 27 December 2023 Exploit Author: Gnanaraj Mauviel @0xm3m Vendor: oretnom23 Vendor Homepage: https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html...

GL.iNet AR300M 4.3.7 Remote Code Execution

!/usr/bin/env python3 Exploit Title: GL.iNet = 4.3.7 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...

BoidCMS 2.0.0 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BoidCMS Command Injection', 'Description' = %q This module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS version 2.0.0 and...

Membership Management System 1.0 SQL Injection

Title: Membership Management System - SQL injection - Application: Hospital Management System - Date: 01.03.2024 - Bugs: SQL injection - Exploit Author: SoSPiro - Vendor Homepage: https://codeastro.com/author/nbadmin/ - Software Link:...

WordPress IDonate Blood Request Management System 1.8.1 Cross Site Scripting

Exploit Title: IDonate – blood request management system XSS in Recaptcha secret key and in Recaptcha Site key 3- Click on save changes. 4- While clicking on the payload text, XSS will trigger. Vulnerable Code: public function idonaterecaptchasecretkeycallback if isset...

Backdoor.Win32.Jeemp.c MVID-2024-0672 Hardcoded Credential

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/d6b192a4027c7d635499133ca6ce067f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jeemp.c Vulnerability: Cleartext Hardcoded Credentials Description: The...

Backdoor.Win32.Agent.amt MVID-2024-0673 Authentication Bypass / Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/2a442d3da88f721a786ff33179c664b7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.amt Vulnerability: Authentication Bypass Description: The malware can...

WordPress Admin Bar And Dashboard Access Control 1.28 XSS

Exploit Title: WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting XSS Google Dork: NA Date: 28/10/2023 Exploit Author: Rachit Arora Vendor Homepage: Software Link: https://wordpress.org/plugins/admin-bar-dashboard-control/...

Saflok System 6000 Key Derivation

// Exploit Title: Saflok KDF // Date: 2023-10-29 // Exploit Author: a51199deefa2c2520cea24f746d899ce // Vendor Homepage: https://www.dormakaba.com/ // Version: System 6000 // Tested on: Dormakaba Saflok cards // CVE: N/A include include define MAGICTABLESIZE 192 define KEYLENGTH 6 define UIDLENGT...

Blood Bank 1.0 SQL Injection

Exploit Title: Blood Bank v1.0 SQL Injection Vulnerability Date: 2023-11-14 Exploit Author: Ersin Erenler Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code Software Link: https://download-media.code-projects.org/2020/11/BloodBankInPHPWithSourcecode.zip Version: 1.0...

WordPress WP Fastest Cache 1.2.2 SQL Injection

Exploit Title: Unauthenticated SQL Injection in WP Fastest Cache 1.2.2 Date: 14.11.2023 Exploit Author: Meryem Taşkın Vendor Homepage: https://www.wpfastestcache.com/ Software Link: https://wordpress.org/plugins/wp-fastest-cache/ Version: WP Fastest Cache 1.2.2 Tested on: WP Fastest Cache 1.2.2...

perl2exe 30.10C Arbitrary Code Execution

Exploit Title: Executables Created with perl2exe safe.pl user@testing:/example$ ./perl2exe-Linux-x64-5.30.1/perl2exe safe.pl Perl2Exe V30.10C 2020-12-11 Copyright c 1997-2020 IndigoSTAR Software ... Generating safe user@testing:/example$ user@testing:/example$ Check that the program executes as...

Hospital Management System 1.0 Cross Site Scripting

Exploit Title: Hospital Management System - Stord XSS Google Dork: N/A Application: Hospital Management System Date: 27.02.2024 Bugs: Stord XSS Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

WordPress Comments Like Dislike 1.2.0 Missing Authorization

Exploit Title: POC-CVE-2023-3244 Date: 9/12/2023 Exploit Author: Diaa Hanna Software Link: download link if available Version: = 1.2.0 comments-like-dislike Tested on: 1.1.6 comments-like-dislike CVE : CVE-2023-3244 References https://nvd.nist.gov/vuln/detail/CVE-2023-3244 The Comments Like Disli...

Atlassian Confluence Data Center And Server Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control', 'Description' = %q This module exploits a broken...

Moodle 4.3 Insecure Direct Object Reference

Exploit Title: Moodle 4.3 'id' Insecure Direct Object Reference IDOR Date: 20/10/2023 Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3+ Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the...

Hospital Management System 1.0 Insecure Direct Object Reference / Account Takeover

Exploit Title: Hospital Management System - IDOR + Accaunt Takeover Google Dork: N/A Application: Hospital Management System Date: 27.02.2024 Bugs: IDOR + Accaunt Takeover Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

Hospital Management System 1.0 SQL Injection

Exploit Title: Hospital Management System - SQL Injection Google Dork: N/A Application: Hospital Management System Date: 26.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

SuperStoreFinder 3.7 XSS / CSRF / Command Execution

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ .:. Exploit Title SuperStoreFinder - Multiple Vulnerabilities .:. Google Dorks .:. "designed and built by Joe Iz." "Super Store Finder is designed and built by Joe Iz from Highwarden Huntsman." inurl:/superstorefinder/index.php ....

Automatic-Systems SOC FL9600 FastLine Hardcoded Credentials

Exploit Title: Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin Google Dork: Date: 12/9/2023 Exploit Author: Mike Jankowski-Lorek, Marcin Kozlowski / Cqure Vendor Homepage: http://automatic-systems.com Software Link: Version: V06 Tested on:...

WordPress Canto Remote Shell Upload

Exploit Title: Wordpress Plugin Canto " def createadminfilelocaldir, localshell=None: if not os.path.exis...

Automatic-Systems SOC FL9600 FastLine Directory Traversal

Exploit Title: Automatic-Systems SOC FL9600 FastLine - Directory Transversal Google Dork: Date: 12/9/2023 Exploit Author: Mike Jankowski-Lorek, Marcin Kozlowski / Cqure Vendor Homepage: http://automatic-systems.com Software Link: Version: V06 Tested on: V06, VersionSVN =...

Flashcard Quiz App 1.0 SQL Injection

Exploit Title: Flashcard Quiz App - SQL Injection Google Dork: N/A Application: Flashcard Quiz App Date: 25.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

Backdoor.Win32.AutoSpy.10 MVID-2024-0671 Remote Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/b012704cad2bae6edbd23135394b9127.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.AutoSpy.10 Vulnerability: Unauthenticated Remote Command Execution...

Simple Inventory Management System 1.0 SQL Injection

Exploit Title: Simple Inventory Management System - SQL Injection Google Dork: N/A Application: Simple Inventory Management System Date: 26.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

FAQ Management System 1.0 SQL Injection

Exploit Title: FAQ Management System - SQL Injection Google Dork: N/A Application: FAQ Management System Date: 25.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

SuperCali 1.1.0 Cross Site Scripting

Exploit Title: SuperCali Version : 1.1.0 - Reflected XSS Date: 2024-23-02 Exploit Author: tmrswrr Vendor Homepage: https://supercali.inforest.com Version : 1.1.0 Tested on: https://softaculous.com/demos/supercali 1 Go to admin login url : https://127.0.0.1/SuperCali/login.php 2 Write your payload...

Backdoor.Win32.Armageddon.r MVID-2024-0670 Hardcoded Credential

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/68d135936512e88cc0704b90bb3839e0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Armageddon.r Vulnerability: Hardcoded Cleartext Credentials Description: Th...

ConnectWise ScreenConnect 23.9.7 Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ConnectWise ScreenConnect Unauthenticated Remote Code Execution', 'Description' = %q This module exploits an authentication bypass vulnerability...