PHPJabbers Cleaning Business Software 1.0 Cross Site Scripting
Exploit Title: PHPJabbers Cleaning Business Software v1.0 - Multiple Stored XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cleaning-business-software/sectionDemo Version: v1.0...
PHPJabbers Meeting Room Booking System 1.0 CSV Injection
Exploit Title: PHPJabbers Meeting Room Booking System v1.0 - CSV Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/meeting-room-booking-system/sectionDemo Version: v1.0 Test...
PHPJabbers Restaurant Booking System 3.0 Missing Rate Limiting
Exploit Title: PHPJabbers Restaurant Booking System v3.0 - No Rate Limit Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/restaurant-booking-system/sectionDemo Version: v3.0 Tested o...
PHPJabbers Hotel Booking System 4.0 Missing Rate Limiting
Exploit Title: PHPJabbers Hotel Booking System v4.0 - No Rate Limit Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/hotel-booking-system/sectionDemo Version: v4.0 Tested on: Windows...
PHPJabbers Cleaning Business Software 1.0 Missing Rate Limiting
Exploit Title: PHPJabbers Cleaning Business Software v1.0 - No Rate Limit Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cleaning-business-software/sectionDemo Version: v1.0 Tested...
PHPJabbers Event Booking Calendar 4.0 Missing Rate Limiting
Exploit Title: PHPJabbers Event Booking Calendar v4.0 - No Rate Limit on Forgot Password Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/event-booking-calendar/sectionDemo Version:...
PHPJabbers Event Ticketing System 1.0 Missing Rate Limiting
Exploit Title: PHPJabbers Event Ticketing System v1.0 - No Rate Limit Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/meeting-room-booking-system/sectionDemo Version: v1.0 Tested on...
PHPJabbers Shared Asset Booking System 1.0 CSV Injection
Exploit Title: PHPJabbers Shared Asset Booking System v1.0 - CSV Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shared-asset-booking-system/sectionDemo Version: v1.0 Test...
PHPJabbers Shared Asset Booking System 1.0 Cross Site Scripting
Exploit Title: PHPJabbers Shared Asset Booking System v1.0 - Multiple Stored XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shared-asset-booking-system/sectionDemo Version: v1....
PHPJabbers Hotel Booking System 4.0 CSV Injection
Exploit Title: PHPJabbers Hotel Booking System v4.0 - CSV Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/hotel-booking-system/sectionDemo Version: v4.0 Tested on: Windows...
PHPJabbers Bus Reservation System 1.1 CSV Injection
Exploit Title: PHPJabbers Bus Reservation System v1.1 - CSV Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/bus-reservation-system/sectionDemo Version: v1.1 Tested on:...
PHPJabbers Restaurant Booking System 3.0 Cross Site Scripting / HTML Injection
Exploit Title: PHPJabbers Restaurant Booking System v3.0 - Reflected XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/restaurant-booking-system/sectionDemo Version: v3.0 Tested o...
PHPJabbers Restaurant Booking System 3.0 CSV Injection
Exploit Title: PHPJabbers Restaurant Booking System v3.0 - CSV Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/restaurant-booking-system/sectionDemo Version: v3.0 Tested o...
PHPJabbers Meeting Room Booking System 1.0 Missing Rate Limiting
Exploit Title: PHPJabbers Meeting Room Booking System v1.0 - No Rate Limit Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/meeting-room-booking-system/sectionDemo Version: v1.0 Test...
PHPJabbers Night Club Booking Software 1.0 CSV Injection
Exploit Title: PHPJabbers Night Club Booking Software v1.0 - CSV Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/night-club-booking-software/sectionDemo Version: v1.0 Test...
WordPress POST SMTP Mailer 2.8.7 Authorization Bypass / Cross Site Scripting
Vulnerability Summary from Wordfence Intelligence Description: POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress = 2.8.7 – Authorization Bypass via type connect-app API Affected Plugin: POST SMTP Mailer – Email log, Delivery Failure Notifications and Be...
PHPJabbers Night Club Booking Software 1.0 Missing Rate Limiting
Exploit Title: PHPJabbers Night Club Booking Software v1.0 - No Rate Limit Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/night-club-booking-software/sectionDemo Version: v1.0 Test...
SimpleWebServer 2.2-rc2 Denial Of Service
!/usr/bin/perl use IO::Socket::INET; Exploit Title: PSimpleWebServer 2.2-rc2 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 11 january 2024 Vendor Homepage: http://www.pmx.it/ Download to demo:...
PHPJabbers Cinema Booking System 1.0 Cross Site Scripting
Exploit Title: PHPJabbers Cinema Booking System v1.0 - Reflected Cross-Site Scripting Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cinema-booking-system/sectionDemo Version: v1.0...
PHPJabbers Bus Reservation System 1.1 Missing Rate Limiting
Exploit Title: PHPJabbers Bus Reservation System v1.1 - No Rate Limit Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/bus-reservation-system/sectionDemo Version: v1.1 Tested on:...
PHPJabbers Shared Asset Booking System 1.0 Missing Rate Limit
Exploit Title: PHPJabbers Shared Asset Booking System v1.0 - No Rate Limit Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shared-asset-booking-system/sectionDemo Version: v1.0 Test...
PHPJabbers Car Park Booking System 3.0 CSV Injection
Exploit Title: PHPJabbers Car Park Booking System v3.0 - CSV Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/car-park-booking/sectionDemo Version: v3.0 Tested on: Windows...
PHPJabbers Car Park Booking System 3.0 Missing Rate Limiting
Exploit Title: PHPJabbers Car Park Booking System v3.0 - Missing Rate Limiting Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/car-park-booking/sectionDemo Version: v3.0 Tested on:...
PHPJabbers Cinema Booking System 1.0 CSV Injection
Exploit Title: PHPJabbers Cinema Booking System v1.0 - CSV Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/meeting-room-booking-system/sectionDemo Version: v1.0 Tested on:...
PHPJabbers Hotel Booking System 4.0 Cross Site Scripting / HTML Injection
Exploit Title: PHPJabbers Hotel Booking System v4.0 - Multiple HTML Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/hotel-booking-system/sectionDemo Version: v4.0 Tested o...
PHPJabbers Car Park Booking System 3.0 Cross Site Scripting / HTML Injection
Exploit Title: PHPJabbers Car Park Booking System v3.0 - Multiple Stored XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/car-park-booking/sectionDemo Version: v3.0 Tested on:...
Backdoor.Win32 Carbanak (Anunak) MVID-2024-0667 Named Pipe NULL DACL
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/b8e1e5b832e5947f41fd6ae6ef6d09a1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32 Carbanak Anunak Vulnerability: Named Pipe Null DACL Family: Carbanak Type:...
Android DeviceVersionFragment.java Privilege Escalation
!/usr/bin/env python import subprocess Connect to the device via ADB subprocess.run"adb", "devices" Check if the device is in secure USB mode device = subprocess.run"adb", "shell", "getprop", "ro.adb.secure", stdout=subprocess.PIPE if "1" in device.stdout.decode: Secure USB mode is enabled, so we...
PSOProxy 0.5 Denial Of Service
!/usr/bin/perl use IO::Socket::INET; Exploit Title: PSOProxy 0.5 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 10 january 2024 Vendor Homepage: https://sourceforge.net/projects/psoproxy/files/psoproxy/0.5/ Download to demo:...
cpio 2.13 Privilege Escalation
cpio privilege escalation vulnerability via setuid files in cpio archive Happy New Year, let in 2024 happiness be with you! : When extracting archives cpio at least version 2.13 preserves the setuid flag, which might lead to privilege escalation. One example is r00t extracts to /tmp/ and scidiot...
AdvantechWeb/SCADA 9.1.5U SQL Injection
;; PostAuth SQLi in AdvantechWeb/SCADA 9.1.5U ;; ;; found: 28.12.2023 ;; ;; more: ;; https://code610.blogspot.com/2024/01/postauth-sqli-in-advantechwebscada-915u.html ;; POST /waconfig/api/odbc/getSystemLog HTTP/2 Host: 192.168.56.106 Cookie: serverLanguage=en;...
liveSite 2019.1 Remote Code Execution
Exploit Title: liveSite Version : 2019.1 Remote Code Execution Date: 2024-1-9 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://livesite.com/ Version : 2019.1 Tested on: https://www.softaculous.com/apps/cms/liveSite 1 Login with admin cred Click Staff Home Edit Designer Region...
Intrasrv Simple Web Server 1.0 Denial Of Service
!/usr/bin/perl use IO::Socket; Exploit Title: Intrasrv Simple Web Server 1.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 09 january 2024 Vendor Homepage: http://www.leighb.com/intrasrv.htm Download to demo: http://www.leighb.com/intrasrv.zip Download 2 to demo:...
io_uring __io_uaddr_map() Dangerous Multi-Page Handling
io_uring: __io_uaddr_map() handles multi-page region dangerously. __io_uaddr_map() wants to import a region from userspace, and then address the imported region through the linear mapping area. This requires that the imported region is physically contiguous. A comment in __io_uaddr_map() explains that the imported...
Form Tools 3.1.1 Cross Site Scripting
Exploit Title: Form Tools Version: 3.1.1 - Reflected XSS Date: 2024-6-1 Exploit Author: tmrswrr Vendor Homepage: https://formtools.org/ Version: 3.1.1 Tested on: https://www.softaculous.com/demos/FormTools 1 Write after formid your payload :...
Gom Player 2.3.92.5362 DLL Hijacking
Exploit Title: Gom Player 2.3.92.5362 - nvcuda.dll DLL Hijacking Date: 2023-01-03 Exploit Author: Yehia Elghaly Mrvar0x Vendor Homepage: https://www.mrvar0x.com/ Version: 2.3.92.5362 Tested on: Windows 7, Windows 10 A DLL hijacking vulnerability has been discovered in Gom Player 2.3.92.5362. When a...
iGalerie 3.0.22 Cross Site Scripting
Exploit Title: iGalerie Version: 3.0.22 - Reflected XSS Date: 2024-7-1 Exploit Author: tmrswrr Vendor Homepage: https://www.igalerie.org/ Version: 3.0.22 Tested on: https://softaculous.com/demos/iGalerie 1 Go to home page and click edit https://127.0.0.1/iGalerie/ Titre : "sVg/onLy=1...
PluXml Blog 5.8.9 Remote Code Execution
Exploit Title: PluXml Blog Version : 5.8.9 - Remote Code Execution Authenticated Date: 2024-1-7 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://pluxml.org/ Version : 5.8.9 Tested on: https://www.softaculous.com/apps/cms/PluXml 1 After login Click Static pages Edit Write in...
Femitter FTP Server 1.03 Denial Of Service
!/usr/bin/perl use Net::FTP; Exploit Title: Femitter FTP Server 1.03 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 08 january 2024 Vendor Homepage: https://acritum.com/ Download to demo: https://drive.google.com/file/d/1GBFmc7tMavA9mMoZPYVlUVUe62dGjBhF/view?usp=sharing...
Linux 6.4 io_uring Use-After-Free
Linux >=6.4: io_uring: page UAF via buffer ring mmap. Since commit c56e022c0a27 "io_uring: add support for user mapped provided buffer ring", landed in Linux 6.4, io_uring makes it possible to allocate, mmap, and deallocate "buffer rings". A "buffer ring" can be allocated with io_uring_register...,...
Gom Player 2.3.92.5362 Buffer Overflow
Exploit Title: Gom Player 2.3.92.5362 - Buffer Overflow PoC Discovered by: Yehia Elghaly Mrvar0x Discovered Date: 04.01.2024 Vendor Homepage: https://www.gomlab.com/en Tested Version: 2.3.92.5362 Tested on: Windows 7, Windows 10 - Open GOM Player - Click on the settings - From the menu, select...
File Sharing Wizard 1.5.0 Denial Of Service
!/usr/bin/perl use IO::Socket::INET; Exploit Title: File Sharing Wizard 1.5.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 07 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/13fs9IHSaGQ27YIQNDyrQV20jCT7owPQ6/view?usp=sharing Notificati...
httpdx 1.5.4 Denial Of Service
!/usr/bin/perl use IO::Socket::INET; Exploit Title: httpdx 1.5.4 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 06 january 2024 Vendor Homepage: http://httpdx.sourceforge.net Download to demo: https://sourceforge.net/projects/httpdx/files/httpdx/httpdx%201.5.4/ Download 2 ...
Easy Chat Server 3.1 Denial Of Service
!/usr/bin/perl use Net::FTP; Exploit Title: Easy Chat Server 3.1 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 05 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/1ZbfeaWSEKlpvCG1eUtD0vNnfkNz8PlE/view Notification vendor: No reported...
Themebleed Windows 11 Themes Arbitrary Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Themebleed- Windows 11 Themes Arbitrary Code Execution CVE-2023-38146', 'Description' = %q When an unpatched Windows 11 host loads a theme file...
Easy File Sharing FTP Server 2.0 Denial Of Service
!/usr/bin/perl use Net::FTP; Exploit Title: Easy File Sharing FTP Server 2.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 04 january 2024 Download to demo: https://drive.google.com/drive/folders/1XISgBk4Zql8NzkWsrzAPOUEqbjJP4hZQ?usp=sharing Notification vendor: No report...
WebCalendar 1.3.0 Cross Site Scripting
Exploit Title: WebCalendar Version: 1.3.0 - Stored XSS - Reflected XSS Date: 2024-3-1 Exploit Author: tmrswrr Vendor Homepage: http://www.k5n.us/webcalendar.php Version: 1.3.0 Tested on: https://www.softaculous.com/apps/calendars/WebCalendar Stored XSS 1 Write Events Add New Events Brief...
CMSMS 2.2.19 Arbitrary File Upload
Title: cmsms-2.2.19 - File Upload - RCE Author: nu11secur1ty Date: 12/29/2023 Vendor: https://www.cmsmadesimple.org/ Software: https://www.cmsmadesimple.org/downloads-header/cmsms/ Reference: https://portswigger.net/web-security/file-upload,...
minaliC 2.0.0 Denial Of Service
!/usr/bin/perl use Socket; Exploit Title: minaliC 2.0.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 03 january 2024 Vendor Homepage: http://minalic.sourceforge.net/ Download to demo: https://drive.google.com/file/d/1WoDbps6up2s5Xa40YXDSABRU9J17yRQd/view?usp=sharing...
FTPDMIN 0.96 Denial Of Service
!/usr/bin/perl use Net::FTP; Exploit Title: FTPDMIN 0.96 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 2024-01-01 Vendor Homepage: https://www.sentex.ca/mwandel/ftpdmin/ Download to demo: https://drive.google.com/file/d/1CpfvaJbJVxR3HPWvcxIVipTaTj7RAaLd/view?usp=sharing...