Online Nurse Hiring System 1.0 SQL Injection

Exploit Title: Online Nurse Hiring System 1.0 - 'bookid' Time-Based SQL Injection Date: 03/10/2023 Exploit Author: Alperen Yozgat Vendor Homepage: https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=17826...

WordPress Augmented-Reality Remote Code Execution

Exploit Title: Wordpress Augmented-Reality - Remote Code Execution Unauthenticated Date: 2023-09-20 Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import requests as req import json import sys import random import uuid import urllib.parse import urllib3 from...

KiTTY 0.76.1.13 Command Injection

!/usr/bin/python ---------------------------------------------------------------------------------------- Exploit: KiTTY ≤ 0.76.1.13 Command Injection Vulnerability in KiTTY Get Remote File Through SCP Input CVE-2024-23749 OS: Microsoft Windows 11/10/8/7/XP Author: DEFCESCO Austin A. DeFrancesco...

GYM MS 1.0 Cross Site Scripting

Exploit Title: GYM MS - GYM Management System - Cross Site Scripting Stored Date: 29/09/2023 Vendor Homepage: https://phpgurukul.com/gym-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/projects/GYM-Management-System-using-PHP.zip Version: 1.0 Last Update: 31 August 20...

Milesight UR5X / UR32L / UR32 / UR35 / UR41 Credential Leakage

!/usr/bin/env python3 -- coding: utf-8 -- """ Title: Credential Leakage Through Unprotected System Logs and Weak Password Encryption CVE: CVE-2023-43261 Script Author: Bipin Jitiya @win3zz Vendor: Milesight IoT - https://www.milesight-iot.com/ Formerly Xiamen Ursalink Technology Co., Ltd...

WhatsUp Gold 2022 22.1.0 Build 39 Cross Site Scripting

Exploit Title: WhatsUpGold 22.1.0 - Stored Cross-Site Scripting XSS Date: April 18, 2023 Exploit Author: Andreas Finstad 4ndr34z Vendor Homepage: https://www.whatsupgold.com Version: v.22.1.0 Build 39 Tested on: Windows 2022 Server CVE : CVE-2023-35759 Reference:...

WordPress Simple URLs Cross Site Scripting

Exploit Title: simple urls alertorigin...

Cacti pollers.php SQL Injection / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cacti RCE via SQLi in pollers.php', 'Description' = %q This exploit module leverages a SQLi CVE-2023-49085 and a LFI CVE-2023-49084 vulnerability...

SISQUAL WFM 7.1.319.103 Host Header Injection

Exploit Title: SISQUAL WFM 7.1.319.103 Host Header Injection Discovered Date: 17/03/2023 Reported Date: 17/03/2023 Exploit Author: Omer Shaik unknownexploit Vendor Homepage: https://www.sisqualwfm.com Version: 7.1.319.103 Tested on: SISQUAL WFM 7.1.319.103 Affected Version: sisqualWFM - 7.1.319.1...

MISP 2.4.171 Cross Site Scripting

Exploit Title: MISP 2.4.171 Stored XSS CVE-2023-37307 Authenticated Date: 8th October 2023 Exploit Author: Mücahit Çeri Vendor Homepage: https://www.circl.lu/ Software Link: https://github.com/MISP/MISP Version: 2.4.171 Tested on: Ubuntu 20.04 CVE : CVE-2023-37307 Exploit: Logged in as low...

Sumatra PDF 3.5.2 DLL Hijacking

Exploit Title: Sumatra PDF 3.5.2 DLL Hijacking Date: 06.02.2024 Exploit Author: Ravishanka Silva Vendor Homepage: https://www.sumatrapdfreader.org/free-pdf-reader Software Link: https://www.sumatrapdfreader.org/download-free-pdf-viewer Version: 3.5.2 Tested on: Windows 10, Windows 11 CVE :...

runc 1.1.11 File Descriptor Leak Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'runc docker File Descriptor Leak Privilege Escalation', 'Description' = %q All versions of runc MSFLICENSE, 'Author' = 'h00die', msf module 'Rory...

Typora 1.7.4 Command Injection

Exploit Title: Typora v1.7.4 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 13.09.2023 Vendor Homepage: http://www.typora.io Software Link: https://download.typora.io/windows/typora-setup-ia32.exe Tested Version: v1.7.4 latest Tested on: Windows 2019 Server 64bit Steps t...

Fortra GoAnywhere MFT Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortra GoAnywhere MFT Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a vulnerability in Fortra GoAnywhere MFT th...

PCMan FTP Server 2.0 Buffer Overflow

Exploit Title: PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow Date: 09/25/2023 Exploit Author: Waqas Ahmed Faroouqi ZEROXINN Vendor Homepage: http://pcman.openfoundry.org/ Software Link: https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z Version: 2.0 Tested on: Windows...

ComSndFTP Server 1.3.7 Beta Denial Of Service

!/usr/bin/perl ComSndFTP Server Remote Format String Denial of Service DoS use strict; use warnings; use IO::Socket; $| = 1; my $host = "192.168.172.136"; my $port = "21""; my $payload = '%s%p%x%d'; print "Connecting... "; my $sock = IO::Socket::INET-new PeerAddr = $host, PeerPort = $port, Proto ...

Juniper SRX Firewall / EX Switch Remote Code Execution

Exploit Title: juniper-SRX-Firewalls&EX-switches PreAuth-RCE PoC Description: This code serves as both a vulnerability detector and a proof of concept for CVE-2023-36845. It executes the phpinfo function on the login page of the target device, allowing to inspect the PHP configuration. also this...

Proxmox VE 7.4-1 TOTP Brute Force

Exploit Title: Proxmox VE TOTP Brute Force Date: 09/23/2023 Exploit Author: Cory Cline, Gabe Rust Vendor Homepage: https://www.proxmox.com/en/ Software Link: http://download.proxmox.com/iso/ Version: 5.4 - 7.4-1 Tested on: Debian CVE : CVE-2023-43320 import time import requests import urllib.pars...

Ricoh Printer Directory / File Exposure

Exploit Title: Ricoh Printer Directory and File Exposure Date: 9/15/2023 Exploit Author: Thomas Heverin Heverin Hacker Vendor Homepage: https://www.ricoh.com/products/printers-and-copiers Software Link: https://replit.com/@HeverinHacker/Ricoh-Printer-Directory-and-File-Findermain.py Version: Rico...

TP-LINK TL-WR740N HTML Injection

Exploit Title: TP-LINK TL-WR740N - Multiple HTML Injection Vulnerabilities Date: 25/9/2023 Exploit Author: Shujaat Amin ZEROXINN Vendor Homepage: http://www.tp-link.com Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n Tested on: Windows 10...

WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution

Exploit Title: WebCatalog 48.4 - Arbitrary Protocol Execution Date: 9/27/2023 Exploit Author: ItsSixtyN3in Vendor Homepage: https://webcatalog.io/en/ Software Link: https://cdn-2.webcatalog.io/webcatalog/WebCatalog%20Setup%2052.3.0.exe Version: 48.4.0 Tested on: Windows CVE : CVE-2023-42222...

Grocy 4.0.2 Cross Site Request Forgery

Exploit Title: Grocy history.pushState'','', '/'; document.forms0.submit; If a user is logged into the Grocy Webapp at time of execution, a new user will be created in the app with the following credentials Username: hacker Password: test Note: In order for this to work, the target must hav...

7 Sticky Notes 1.9 Command Injection

Exploit Title: 7 Sticky Notes v1.9 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 12.09.2023 Vendor Homepage: http://www.7stickynotes.com Software Link: http://www.7stickynotes.com/download/Setup7StickyNotesv19.exe Tested Version: 1.9 latest Tested on: Windows 2019 Serve...

Bank Locker Management System SQL Injection

Exploit Title: Bank Locker Management System - SQL Injection Application: Bank Locker Management System Date: 12.09.2023 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/bank-locker-management-system-using-php-and-mysql/...

GoAhead Web Server 2.5 HTML Injection

Exploit Title: GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities Date: 25/9/2023 Exploit Author: Syed Affan Ahmed ZEROXINN Vendor Homepage: https://www.embedthis.com/goahead/ Affected Version: 2.5 may be others. Tested On Version: 2.5 in ZTE AC3630...

Apache Tomcat 8.5.63 / 9.0.43 HTTP Response Smuggling

Exploit Title: CVE-2024-21733 Apache Tomcat HTTP Request Smuggling Date: 1/31/2024 Exploit Author: xer0dayz Vendor Homepage: https://tomcat.apache.org/ Software Link: https://tomcat.apache.org/ Version: 8.5.7 to 8.5.63 or 9.0.44 or later CVE : CVE-2024-21733 Description: Apache Tomcat from 8.5.7...

GlobalScape Secure FTP Server 3.0 Denial Of Service

!/usr/bin/perl use strict; use IO::Socket; print "GlobalScape Secure FTP Server 3.0 - Denial of Service \n"; my $payload = "\x41\x42\x0a\x00"x147; my $buffer = "\x41"x2043 . "\x41\x42\x43\x00" . "\x42"x36 . $payload; my $sock = IO::Socket::INET-newPeerAddr = '192.168.0.10', PeerPort = 21, Proto =...

Solar FTP Server 2.1.1 Denial Of Service

!/usr/bin/python Exploit Title: Solar FTP Server 2.1.1 PASV Command - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 31 january 2024 Vendor Homepage: N/A Download to demo: Notification vendor: No reported Tested Version: Solar FTP Server 2.1.1 Tested on: Window XP Profession...

TELSAT marKoni FM Transmitter 1.9.5 Insecure Access Control

TELSAT marKoni FM Transmitter 1.9.5 Insecure Access Control Change Password Vendor: TELSAT Srl Product web page: https://www.markoni.it Affected version: Markoni-D Compact FM Transmitters Markoni-DH Exciter+Amplifiers FM Transmitters Markoni-A Analogue Modulator FM Transmitters Firmware: 1.9.5...

glibc syslog() Heap-Based Buffer Overflow

Qualys Security Advisory CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog ======================================================================== Contents ======================================================================== Summary Analysis Proof of concept Exploitation...

XenForo 2.2.13 ArchiveImport.php Zip Slip

------------------------------------------------------------ XenForo zip; 201. $DS = \XF::$DS; 202. 203. if $this-extracted 204. 205. return; 206. 207. 208. for $i = 0; $i numFiles; $i++ 209. 210. $zipFileName = $zip-getNameIndex$i; 211. $fsFileName = $this-getFsFileNameFromZipName$zipFileName;...

Trojan.Win32 BankShot MVID-2024-0669 Buffer Overflow

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/f2fd6a7b400782bb43499e722fb62cf4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32 BankShot Vulnerability: Remote Stack Buffer Overflow SEH Description: The...

TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection

!/usr/bin/env python TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection PoC Exploit Vendor: TELSAT Srl Product web page: https://www.markoni.it Affected version: Markoni-D Compact FM Transmitters Markoni-DH Exciter+Amplifiers FM Transmitters Markoni-A Analogue Modulator FM Transmitters...

TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account

TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account Vendor: TELSAT Srl Product web page: https://www.markoni.it Affected version: Markoni-D Compact FM Transmitters Markoni-DH Exciter+Amplifiers FM Transmitters Markoni-A Analogue Modulator FM Transmitters Firmware: 1.9.5 1.9.3 1.5.9 1.4.6 1.3.9...

glibc qsort() Out-Of-Bounds Read / Write

Qualys Security Advisory For the algorithm lovers: Nontransitive comparison functions lead to out-of-bounds read & write in glibc's qsort ======================================================================== Contents ========================================================================...

Mirth Connect 4.4.0 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mirth Connect Deserialization RCE', 'Description' = %q A vulnerability exists within Mirth Connect due to its mishandling of deserialized data...

TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass

TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass Vendor: TELSAT Srl Product web page: https://www.markoni.it Affected version: Markoni-D Compact FM Transmitters Markoni-DH Exciter+Amplifiers FM Transmitters Markoni-A Analogue Modulator FM Transmitters Firmware: 1.9.5 1.9.3...

httpdx 1.5.1 Denial Of Service

!/usr/bin/perl use IO::Socket::INET; Exploit Title: httpdx 1.5.1 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 30 january 2024 Vendor Homepage: http://httpdx.sourceforge.net Download to demo: https://sourceforge.net/projects/httpdx/files/httpdx/httpdx%201.5.1/ Notificatio...

WS_FTP Server 5.0.5 Denial Of Service

!/usr/bin/perl use IO::Socket::INET; Exploit Title: WSFTP Server 5.0.5 - Denied of Service DoS Discovery by: Fernando Mengali Discovery Date: 30 january 2024 Vendor Homepage: N/A Notification vendor: No reported Tested Version: 5.0.5 Tested on: Window XP Professional - Service Pack 2 and 3 -...

CSZCMS 1.3.0 SQL Injection

Title: CSZCMS v1.3.0 - SQL Injection Author: Abdulaziz Almetairy Date: 27/01/2024 Vendor: https://www.cszcms.com/ Software: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download Reference: https://github.com/oh-az Tested on: Windows 11, MySQL, Apache 1 - Log in to the...

Savant 3.0 Denial Of Service

!/usr/bin/perl use IO::Socket; Exploit Title: Savant 3.0 - Denied of Service DoS Discovery by: Fernando Mengali Discovery Date: 27 january 2024 https://sourceforge.net/projects/savant/files/Savant/3.0/Savant30.exe/download Download to demo:...

Chrome 121 Javascript Fork Malloc Bomb

Searching the web for javascript fork malloc bomb returns results, e.g. here1: and here2: We got a javascript fork malloc bomb which crashed Chrome 121 on linux with SIGILL and about one in five runs the virtual machine freezes. SIGILL almost always is a sign of memory corruption : On android it...

Interactive Floor Plan 1.0 Cross Site Scripting

Title: Interactive-Floor-Plan-1.0-XSS-Reflected-SESSION-Hijacking Author: nu11secur1ty Date: 01/28/2024 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/interactive-floor-plan-software/sectionDemo Reference: https://portswigger.net/web-security/cross-site-scripting/reflect...

Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read

python poc.py usage: python poc.py http://127.0.0.1:8888/ /etc/passwd import threading import http.client import time import uuid import urllib.parse import sys if lensys.argv != 3: print' usage: python poc.py http://127.0.0.1:8888/ /etc/passwd' exit databytes =...

PHPJ Callback Widget 1.0 Cross Site Scripting

Title: PHPJ-Callback-Widget-1.0-XSS-Stored-admin-Hijacking Author: nu11secur1ty Date: 01/26/2024 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/callback-widget/ Reference: https://portswigger.net/web-security/cross-site-scripting Description: The Callback Requests functi...

Xitami 2.5b4 Denial Of Service

!/usr/bin/perl use IO::Socket::INET; Exploit Title: Xitami 2.5b4 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 29 january 2024 Vendor Homepage: https://imatix-legacy.github.io/xitami.com/ Download to demo:...

PSOProxy 0.91 Denial Of Service

!/usr/bin/perl use IO::Socket::INET; Exploit Title: PSOProxy 0.91 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 28 january 2024 Vendor Homepage: https://sourceforge.net/projects/psoproxy/files/latest/download Download to demo:...

Reprise License Manager 15.1 Privilege Escalation / File Write

Multiple Vulnerabilities in Reprise License Manager 15.1 CVE-2023-43183, CVE-2023-44031 Credit: Mohaiman Rahim...

Seattle Lab Mail 5.5 Denial Of Service

use IO::Socket; sub intro print "\n"; print " Seattle Lab Mail SLmail 5.5 \n"; print " \n"; print " Coded By Fernando Mengali \n"; print " \n"; print " POP3 'PASS' Denied of Service - DoS \n"; print " \n"; print "\n"; intro; if !$ARGV0 && !$ARGV1 print "\nUsage: $0 \n"; exit0; my $host = $ARGV0; ...

Vinchin Backup And Recovery 7.2 Default Root Credentials

CVE ID: CVE-2024-22902 Title: Default Root Credentials Vulnerability in Vinchin Backup & Recovery v7.2 Suggested Description: Vinchin Backup & Recovery version 7.2 has been identified as being configured with default root credentials, posing a significant security vulnerability. Additional...