50653 matches found
Event Booking Calendar 4.0 Cross Site Scripting
Title: Event Booking Calendar-4.0 XSS-Reflected Author: nu11secur1ty Date: 09/06/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/event-booking-calendar/sectionDemo Reference: https://portswigger.net/web-security/cross-site-scripting/reflected Description: The value o...
JZDCMS 1.3 Cross Site Scripting
==================================================================================================================================== | Title : JZDCMS v1.3 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.0.132-bit | | Vendor :...
Cleaning Business Software 1.0 Cross Site Scripting
Title: Cleaning Business Software-1.0 XSS-Reflected Author: nu11secur1ty Date: 09/06/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/cleaning-business-software/sectionDemo Reference: https://portswigger.net/web-security/cross-site-scripting/reflected Description: The...
Cinema Booking System 1.0 Cross Site Scripting
Title: Cinema Booking System-1.0 XSS-Reflected Author: nu11secur1ty Date: 09/05/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/car-rental-script/ Reference: https://portswigger.net/web-security/sql-injection Description: The name of an arbitrarily supplied URL...
OpenCart CMS 4.0.2.2 Brute Force
Exploit Title: OpenCart CMS v4.0.2.2 Login Vulnerability Date: 5-9-2023 Category: Web Application CMS Exploit Author: Rajdip Dey Sarkar Version: 4.0.2.2 Tested on: Windows/Kali CVE: CVE-2023-40834 Description: ---------------- OpenCart CMS version 4.0.2.2 is susceptible to login brute-force...
Infinity Market Classified Ads Script 1.6.2 Cross Site Scripting
==================================================================================================================================== | Title : Infinity Market Classified Ads Script 1.6.2 xss via file uploads Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor...
WordPress Newsletter 7.8.9 Cross Site Scripting
Vulnerability Summary from Wordfence Intelligence Description: Newsletter = 7.8.9 – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Affected Plugin: Newsletter – Send awesome emails from WordPress Plugin Slug: newsletter Affected Versions: = 7.8.9 CVE ID: CVE-2023-4772 CVSS...
SolarView Compact 6.00 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SolarView Compact unauthenticated remote command execution vulnerability.', 'Description' = %q CONTEC's SolarView™ Series enables you to monitor...
ImgHosting 1.3 SQL Injection
==================================================================================================================================== | Title : ImgHosting v1.3 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | |...
WEBIGniter 28.7.23 Shell Upload
Title: WEBIGniter-28.7.23 File Upload - RCE Author: nu11secur1ty Date: 09/04/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/file-upload Description: The media function suffers from file upload vulnerability. The attacker...
AtlasVPN Linux Client 1.0.3 IP Leak
The following is my 0day. This code, when executed on any website, disconnects the AtlasVPN linux client and leaks the users IP address. I am not yet aware of it being used in the wild. However, it shows that AtlasVPN does not take their users safety serious, because their software security...
WordPress WP Statistics 13.1.5 SQL Injection
Exploit Title: WP Statistics Plugin = 13.1.5 currentpageid - Time based SQL injection Unauthenticated Date: 13/02/2022 Exploit Author: psychoSherlock Vendor Homepage: https://wp-statistics.com/ Software Link: https://downloads.wordpress.org/plugin/wp-statistics.13.1.5.zip Version: 13.1.5 and prio...
WEBIGniter 28.7.23 Cross Site Scripting
Title: WEBIGniter-28.7.23-XSS-Reflected Author: nu11secur1ty Date: 09/04/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/cross-site-scripting Description: The value of the redirect request parameter is copied into the valu...
FileMage Gateway 1.10.9 Local File Inclusion
Exploit Title: FileMage Gateway 1.10.9 - Local File Inclusion Date: 8/22/2023 Exploit Author: Bryce "Raindayzz" Harty Vendor Homepage: https://www.filemage.io/ Version: Azure Versions 1.10.9 Tested on: All Azure deployments 1.10.9 CVE : CVE-2023-39026 Technical Blog -...
Internet Radio auna IR-160 SE UIProto DoS / XSS / Missing Authentication
The internet radio device auna IR-160 SE has multiple vulnerabilities. It uses the firmware UIProto, different versions of which can also be found in many other radios. 1. The firmware offers a rudimentary web API that can be reached on the local network on port 80. This API is completely...
Freefloat FTP Server 1.0 Buffer Overflow
Exploit title: Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow Date: 08/22/2023 Exploit Author: Waqas Ahmed Faroouqi ZEROXINN Vendor Homepage: http://www.freefoat.com Version: 1.0 Tested on Windows XP SP3 !/usr/bin/python import socket Metasploit Shellcode msfvenom -p...
Kingo ROOT 1.5.8 Unquoted Service Path
Exploit Title: Kingo ROOT 1.5.8 - Unquoted Service Path Date: 8/22/2023 Exploit Author: Anish Feroz ZEROXINN Vendor Homepage: https://www.kingoapp.com/ Software Link: https://www.kingoapp.com/android-root/download.htm Version: 1.5.8.3353 Tested on: Windows 10 Pro -------------Discovering Unquoted...
DLINK DPH-400SE FRU2.2.15.8 Information Disclosure
Exploit Title : DLINK DPH-400SE - Exposure of Sensitive Information Date : 25-08-2023 Exploit Author : tahaafarooq Vendor Homepage : https://dlink.com/ Version : FRU2.2.15.8 Tested on: DLINK DPH-400SE VoIP Phone Description: With default credential for the guest user "guest:guest" to login on the...
CSZ CMS 1.3.0 Cross Site Scripting
Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting Plugin 'Gallery' Date: 2023/08/18 CVE: CVE-2023-38911 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Description: CSZ CMS...
Impress CMS 1.3.9 Open Redirection
==================================================================================================================================== | Title : impress CMS v1.3.9 Open Redirect vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...
Ivanti Avalance Remote Code Execution
""" Exploit Title: Ivanti Avalanche IIIss'.formatself.namesize, self.valuesize, self.type, self.namesize, self.valuesize, self.name, self.value Create a header structure class HP: def initself, hdr, payload: self.hdr = hdr self.payload = payload self.pad = b'\x00' 16 - lenself.hdr + lenself.paylo...
ImpressionTech CMS 1.4 SQL Injection
==================================================================================================================================== | Title : ImpressionTech CMS ٍv1.4 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 61.0.1...
ImgHosting 1.3 HTML Injection
==================================================================================================================================== | Title : ImgHosting v1.3 html injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | |...
Linux 6.4 Use-After-Free / Race Condition
Linux 6.4: UAF race between mbind and VMA-locked page fault tested on git master, at commit 57012c57536f Summary: There's a race between mbind and VMA-locked page faults, leading to UAF. You can quickly hit this with a straightforward reproducer that just keeps calling mbind on one thread and...
AdminLTE PiHole Broken Access Control
Exploit Title: AdminLTE PiHole ' HTTP requests GET /admin/scripts/pi-hole/php/queryads.php?domain=' HTTP/1.1 HOST: pi.hole Cookie: ..SNIPPED.. ..SNIPPED.. HTTP Response HTTP/1.1 200 OK ..SNIPPED.. data: Match found in ..SNIPPED.. data: data: data:...
Humhub 1.3.13 Shell Upload
==================================================================================================================================== | Title : Humhub v1.3.13 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
NVClient 5.0 Stack Buffer Overflow
Exploit Title: NVClient v5.0 - Stack Buffer Overflow DoS Discovered by: Ahmet Ümit BAYRAM Discovered Date: 2023-08-19 Software Link: http://www.neonguvenlik.com/yuklemeler/yazilim/kst-f919-hd2004.rar Software Manual:...
Tinycontrol LAN Controller 3 Remote Admin Password Change
!/bin/bash : " Tinycontrol LAN Controller v3 LK3 Remote Admin Password Change Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readings of vario...
Tinycontrol LAN Controller 3 Denial Of Service
Tinycontrol LAN Controller v3 LK3 Remote Denial Of Service Exploit Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readings of various types of...
PlayTube 3.0.1 Information Disclosure
Exploit Title: PlayTube 3.0.1 - Redirect Information Disclosure Exploit Author: CraCkEr Date: 19/08/2023 Vendor: PlayTube Vendor Homepage: https://playtubescript.com/ Software Link: https://demo.playtubescript.com/ Tested on: Windows 10 Pro Impact: Sensitive Information Leakage CVE: CVE-2023-4714...
Clcknshop 1.0.0 Cross Site Scripting
Exploit Title: Clcknshop 1.0.0 - Reflected XSS Exploit Author: CraCkEr Date: 16/08/2023 Vendor: Infosoftbd Solutions Vendor Homepage: https://infosoftbd.com/ Software Link: https://infosoftbd.com/multitenancy-e-commerce-solution/ Demo: https://kidszone.clckn.shop/ Tested on: Windows 10 Pro Impact...
Clcknshop 1.0.0 SQL Injection
Exploit Title: Clcknshop 1.0.0 - SQL Injection Exploit Author: CraCkEr Date: 16/08/2023 Vendor: Infosoftbd Solutions Vendor Homepage: https://infosoftbd.com/ Software Link: https://infosoftbd.com/multitenancy-e-commerce-solution/ Demo: https://kidszone.clckn.shop/ Tested on: Windows 10 Pro Impact...
Oracle RMAN Missing Auditing
Title: CVE-2021-2207 - RMAN Controlfile Operation Not Audited Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 18c, 19c Tested Versions: 19c Risk Level: low Score: 2.3 Solution Status: Fixed CVE Reference: CVE-2021-2207 Author of Advisory: Emad Al-Mousa Overview: Audi...
Tinycontrol LAN Controller 3 Remote Credential Extraction
!/usr/bin/env python Tinycontrol LAN Controller v3 LK3 Remote Credentials Extraction PoC Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readin...
InterPhoto 2.3.0 Shell Upload
==================================================================================================================================== | Title : InterPhoto 2.3.0 Persians Remote Shell Upload vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Online ID Generator 1.0 SQL Injection / Shell Upload
Title: Online-ID-Generator-1.0-SQLi-Bypass-login-ShellUpload-RCE Author: nu11secur1ty Date: 08/31/2023 Vendor: https://www.youtube.com/watch?v=JdB9po5DTc Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/idgenerator0.zip Reference:...
Easy Address Book Web Server 1.6 Buffer Overflow / Cross Site Scripting
Exploit Title: Easy Address Book Web Server v1.6 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Discovery Date: 2021-01-10 CVE: CVE-2023-4491, CVE-2023-4492, CVE-2023-4493 Vendor Homepage: http://www.efssoft.com/web-address-book-server.html Software Link : http://www.efssoft.com/eabws.ex...
PHP JABBERS PHP Review Script 1.0 Cross Site Scripting
Title: PHPJABBERS-PHP Review Script-1.0 XSS-Reflected Author: nu11secur1ty Date: 08/31/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/php-review-script/ Reference: https://portswigger.net/web-security/cross-site-scripting/reflected Description: The value of the acti...
Innovins CMS 4.7 SQL Injection
==================================================================================================================================== | Title : Innovins CMS v4.7 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit |...
Invasor Diagonal CMS 1.0 Cross Site Scripting
==================================================================================================================================== | Title : Invasor Diagonal CMS 1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...
Islam CMS 1.0 Code Injection
==================================================================================================================================== | Title : islam cms v1.0 PHP code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit...
Apache NiFi H2 Connection String Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache NiFi H2 Connection String Remote Code Execution', 'Description' = %q The DBCPConnectionPool and HikariCPConnectionPool Controller Services...
IQ-Medya CMS 2.0 Cross Site Scripting
==================================================================================================================================== | Title : İQ-Medya CMS v2.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor ...
HumbertoCaldas CMS 0.1.3 Cross Site Scripting
==================================================================================================================================== | Title : HumbertoCaldas Cms v0.1.3 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | |...
HS-booking CMS 2.79 SQL Injection
==================================================================================================================================== | Title : HS-booking CMS v2.79 SQl injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozila Firefox 68.0 32-bit |...
HPBoost 4.0 Add Administrator
==================================================================================================================================== | Title : HPBoost v4.0 Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor...
Foodiee Online Food Ordering Web Application 1.0.0 Cross Site Scripting
==================================================================================================================================== | Title : Foodiee - Online Food Ordering Web Application V1.0.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozil...
HRM SAAS 2.1.9 Insecure Settings
==================================================================================================================================== | Title : HRM SAAS v 2.1.9 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.064-bit |...
imax CMS 1.0 SQL Injection
==================================================================================================================================== | Title : imax CMS v1.0 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...
Grawlix 1.5.1 Cross Site Scripting
Title: grawlix-1.5.1 XSS-Reflected Author: nu11secur1ty Date: 08/29/2023 Vendor: https://getgrawlix.com/ Software: Reference: https://portswigger.net/web-security/cross-site-scripting Description: The value of the ref request parameter is copied into the value of an HTML tag attribute which is...