Human Resource PMS 1.4 Database Disclosure

==================================================================================================================================== | Title : Human Resource PMS v1.4 Database Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

Humhub 1.3.13 Directory Traversal

==================================================================================================================================== | Title : Humhub v1.3.13 Directory traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 67.032-bit |...

ImgHosting 1.2 Cross Site Scripting

==================================================================================================================================== | Title : ImgHosting v1.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | | Vendor :...

GOM Player 2.3.90.5360 MITM / Remote Code Execution

Exploit Title: GOM Player 2.3.90.5360 - Remote Code Execution RCE Date: 26.08.2023 Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://www.gomlab.com/gomplayer-media-player/ Software Link: https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUPNEW.EXE...

PHPValley Micro Jobs 2.0.1 Insecure Direct Object Reference

==================================================================================================================================== | Title : PHPValley Micro Jobs v2.0.1 Missing Authentication Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

iBilling CRM 4.5.0 Add Administrator / Insecure Direct Object Reference

==================================================================================================================================== | Title : iBilling CRM v4.5.0 Add Admin vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...

Hloun 1.0.0 Insecure Settings

==================================================================================================================================== | Title : Hloun V1.0.0 Rinstall Script Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...

hudaallah Linker CMS 1.0 Cross Site Scripting

==================================================================================================================================== | Title : hudaallah Linker CMS v1.0 Xss Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...

i-Gallery 3.4 Database Disclosure

==================================================================================================================================== | Title : i-Gallery v3.4 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | |...

Hasan MWB 1 Add Administrator

==================================================================================================================================== | Title : Hasan MWB v1 Reinstall Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | |...

HaasCMS 1.0 Cross Site Scripting

==================================================================================================================================== | Title : HaasCMS v1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...

haraj 1.1 Add Administrator

==================================================================================================================================== | Title : haraj V1.1 Add ADmin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...

Hospital HMS 2.7 SQL Injection

====================================================================================================================================== | Title : Hospital HMS v2.7 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...

Hasan MWB 1 Cross Site Scripting

==================================================================================================================================== | Title : Hasan MWB v1 - XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | | Vendor :...

Hesk Rtl CMS 1 Cross Site Scripting

==================================================================================================================================== | Title : Hesk Rtl CMS v1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...

SPA-Cart eCommerce CMS 1.9.0.3 Cross Site Scripting

Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS Exploit Author: CraCkEr Date: 20/08/2023 Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4547 CWE:...

SPA-Cart eCommerce CMS 1.9.0.3 SQL Injection

Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection Exploit Author: CraCkEr Date: 20/08/2023 Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4548 CWE: CWE-89 - CWE-74 -...

Horse Market Sell And Rent Portal Script 1.5.7 Cross Site Scripting

==================================================================================================================================== | Title : Horse Market Sell & Rent Portal Script V1.5.7 xss via file uploads Vulnerability | | Author : indoushka | | Telegram : @indoushka | | Tested on : windows ...

HighPlus CMS 0.1.3 SQL Injection

==================================================================================================================================== | Title : HighPlus CMS v0.1.3 Auth By pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...

FlightPath LMS 5.0-rc2 Cross Site Scripting

==================================================================================================================================== | Title : FlightPath LMS v5.0-rc2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.032-bit | | Vend...

Jorani 1.0.3 Cross Site Scripting

Title: Jorani -v1.0.3-©2014-2023-Benjamin-BALET-XSS-Reflected-Information-Disclosure Author: nu11secur1ty Date: 08/27/2023 Vendor: https://jorani.org/ Software: https://demo.jorani.org/session/login Reference: https://portswigger.net/web-security/cross-site-scripting Reference:...

Global Domains International 2.0 Cross Site Scripting

==================================================================================================================================== | Title : Global Domains International v2.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...

Hospital HMS 2 SQL Injection

====================================================================================================================================== | Title : Hospital HMS v2 auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | ...

Gusto Recipes Management 1.5.1 Cross Site Scripting

==================================================================================================================================== | Title : Gusto - Recipes Management v1.5.1 System XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

Gravigra CMS 1.0 SQL Injection

==================================================================================================================================== | Title : Gravigra CMS v1.0 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit |...

GetSimple CMS 3.3.2 Cross Site Scripting

==================================================================================================================================== | Title : GetSimple CMS v3.3.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vend...

Gusto Recipes Management 1.5.1 Insecure Settings

==================================================================================================================================== | Title : Gusto - Recipes Management v1.5.1 System Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

Business Directory Script 3.2 SQL Injection

Title: Business-Directory-Script-3.2 SQLi Author: nu11secur1ty Date: 08/25/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/business-directory-script/sectionDemo Reference: https://portswigger.net/web-security/sql-injection Description: The column parameter appears to...

G And G Corporate CMS 1.0 SQL Injection

==================================================================================================================================== | Title : G&G Corporate CMS v1.0 Auth by Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.232-bi...

Grawlix CMS 1.1.1 Cross Site Scripting

============================================================================================================================ | Title : Grawlix Cms v1.1.1 xss Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor : http://getgrawlix.com/ | | Dork : Powered by Th...

Global Domains International 2.0 HTML Injection

==================================================================================================================================== | Title : Global Domains International v2.0 HTML inject Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

Groupoffice 3.4.21 Directory Traversal

==================================================================================================================================== | Title : Groupoffice v3.4.21 Directory Traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...

User Registration And Login And User Management System 3.0 SQL Injection

Exploit Title: User Registration & Login and User Management System v3.0 - SQL Injection Unauthenticated Google Dork: NA Date: 19/08/2023 Exploit Author: Ashutosh Singh Umath Vendor Homepage: https://phpgurukul.com Software Link:...

GraceHRM 1.0.3 Directory Traversal

==================================================================================================================================== | Title : GraceHRM v1.0.3 Directory traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.064-bit ...

FAST TECH CMS 1.0 Cross Site Request Forgery

==================================================================================================================================== | Title : FAST TECH CMS v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 73.0.132-bit | | Vendor...

Geeklog 2.1.0b1 SQL Injection

==================================================================================================================================== | Title : Geeklog v2.1.0b1 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | ...

doorGets CMS 12 Shell Upload

==================================================================================================================================== | Title : doorGets CMS v12 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

User Registration And Login And User Management System 3.0 Cross Site Scripting

Exploit Title: User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting XSS Google Dork: NA Date: 19/08/2023 Exploit Author: Ashutosh Singh Umath Vendor Homepage: https://phpgurukul.com Software Link:...

GEN Security+ 4.0 Cross Site Scripting

==================================================================================================================================== | Title : GEN Security+ v4.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor...

Uvdesk 1.1.4 Cross Site Scripting

Exploit Title: Uvdesk 1.1.4 - Stored XSS Authenticated Date: 14/08/2023 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.uvdesk.com/ Software Link: https://github.com/MegaTKC/AeroCMS Version: 1.1.4 Testeted on: Windows 10 using XAMPP,...

Chamilo 1.11.18 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chamilo unauthenticated command injection in PowerPoint upload', 'Description' = %q Chamilo is an e-learning platform, also called Learning...

FlightPath LMS 5.0-rc2 Insecure Direct Object Reference

==================================================================================================================================== | Title : FlightPath LMS v5.0-rc2 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozill...

G And G Corporate CMS 1.0 Cross Site Scripting

==================================================================================================================================== | Title : G&G Corporate CMS v1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.232-bit | |...

Foodiee CMS 1.0.1 Insecure Direct Object Reference

==================================================================================================================================== | Title : Foodiee CMS v1.0.1 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

CrafterCMS 4.0.2 Cross Site Scripting

--------------------------------------------------------------------------- CrafterCMS = 4.0.2 Multiple Reflected Cross-Site Scripting Vulnerabilities --------------------------------------------------------------------------- - Software Link: https://craftercms.org - Affected Versions: Version...

FixBook Repair Shop Management Tool 3.0 Hash Disclosure

==================================================================================================================================== | Title : FixBook - Repair Shop Management Tool v3.0 Password Hash Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / brows...

FlightPath LMS 4.8.2 Cross Site Scripting

==================================================================================================================================== | Title : FlightPath LMS v4.8.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.032-bit | | Vendor...

GEN Security+ 4.0 SQL Injection

==================================================================================================================================== | Title : GEN Security+ v4.0 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...

SugarCRM 12.2.0 PHP Object Injection

------------------------------------------------------------------------------- SugarCRM = 12.2.0 DocusignGlobalSettings PHP Object Injection Vulnerability ------------------------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions...

Forma LMS 1.4 Database Disclosure

==================================================================================================================================== | Title : Forma lms v1.4 Database Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bi...