50738 matches found
Freefloat FTP Server 1.0 Buffer Overflow
Exploit title: Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow Date: 08/22/2023 Exploit Author: Waqas Ahmed Faroouqi ZEROXINN Vendor Homepage: http://www.freefoat.com Version: 1.0 Tested on Windows XP SP3 !/usr/bin/python import socket Metasploit Shellcode msfvenom -p...
WEBIGniter 28.7.23 Cross Site Scripting
Title: WEBIGniter-28.7.23-XSS-Reflected Author: nu11secur1ty Date: 09/04/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/cross-site-scripting Description: The value of the redirect request parameter is copied into the valu...
Kingo ROOT 1.5.8 Unquoted Service Path
Exploit Title: Kingo ROOT 1.5.8 - Unquoted Service Path Date: 8/22/2023 Exploit Author: Anish Feroz ZEROXINN Vendor Homepage: https://www.kingoapp.com/ Software Link: https://www.kingoapp.com/android-root/download.htm Version: 1.5.8.3353 Tested on: Windows 10 Pro -------------Discovering Unquoted...
Humhub 1.3.13 Shell Upload
==================================================================================================================================== | Title : Humhub v1.3.13 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Ivanti Avalance Remote Code Execution
""" Exploit Title: Ivanti Avalanche IIIss'.formatself.namesize, self.valuesize, self.type, self.namesize, self.valuesize, self.name, self.value Create a header structure class HP: def initself, hdr, payload: self.hdr = hdr self.payload = payload self.pad = b'\x00' 16 - lenself.hdr + lenself.paylo...
NVClient 5.0 Stack Buffer Overflow
Exploit Title: NVClient v5.0 - Stack Buffer Overflow DoS Discovered by: Ahmet Ümit BAYRAM Discovered Date: 2023-08-19 Software Link: http://www.neonguvenlik.com/yuklemeler/yazilim/kst-f919-hd2004.rar Software Manual:...
Impress CMS 1.3.9 Open Redirection
==================================================================================================================================== | Title : impress CMS v1.3.9 Open Redirect vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...
ImpressionTech CMS 1.4 SQL Injection
==================================================================================================================================== | Title : ImpressionTech CMS ٍv1.4 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 61.0.1...
CSZ CMS 1.3.0 Cross Site Scripting
Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting Plugin 'Gallery' Date: 2023/08/18 CVE: CVE-2023-38911 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Description: CSZ CMS...
AdminLTE PiHole Broken Access Control
Exploit Title: AdminLTE PiHole ' HTTP requests GET /admin/scripts/pi-hole/php/queryads.php?domain=' HTTP/1.1 HOST: pi.hole Cookie: ..SNIPPED.. ..SNIPPED.. HTTP Response HTTP/1.1 200 OK ..SNIPPED.. data: Match found in ..SNIPPED.. data: data: data:...
ImgHosting 1.3 HTML Injection
==================================================================================================================================== | Title : ImgHosting v1.3 html injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | |...
Linux 6.4 Use-After-Free / Race Condition
Linux 6.4: UAF race between mbind and VMA-locked page fault tested on git master, at commit 57012c57536f Summary: There's a race between mbind and VMA-locked page faults, leading to UAF. You can quickly hit this with a straightforward reproducer that just keeps calling mbind on one thread and...
Clcknshop 1.0.0 Cross Site Scripting
Exploit Title: Clcknshop 1.0.0 - Reflected XSS Exploit Author: CraCkEr Date: 16/08/2023 Vendor: Infosoftbd Solutions Vendor Homepage: https://infosoftbd.com/ Software Link: https://infosoftbd.com/multitenancy-e-commerce-solution/ Demo: https://kidszone.clckn.shop/ Tested on: Windows 10 Pro Impact...
Clcknshop 1.0.0 SQL Injection
Exploit Title: Clcknshop 1.0.0 - SQL Injection Exploit Author: CraCkEr Date: 16/08/2023 Vendor: Infosoftbd Solutions Vendor Homepage: https://infosoftbd.com/ Software Link: https://infosoftbd.com/multitenancy-e-commerce-solution/ Demo: https://kidszone.clckn.shop/ Tested on: Windows 10 Pro Impact...
Tinycontrol LAN Controller 3 Remote Admin Password Change
!/bin/bash : " Tinycontrol LAN Controller v3 LK3 Remote Admin Password Change Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readings of vario...
Tinycontrol LAN Controller 3 Denial Of Service
Tinycontrol LAN Controller v3 LK3 Remote Denial Of Service Exploit Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readings of various types of...
Tinycontrol LAN Controller 3 Remote Credential Extraction
!/usr/bin/env python Tinycontrol LAN Controller v3 LK3 Remote Credentials Extraction PoC Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readin...
Oracle RMAN Missing Auditing
Title: CVE-2021-2207 - RMAN Controlfile Operation Not Audited Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 18c, 19c Tested Versions: 19c Risk Level: low Score: 2.3 Solution Status: Fixed CVE Reference: CVE-2021-2207 Author of Advisory: Emad Al-Mousa Overview: Audi...
PlayTube 3.0.1 Information Disclosure
Exploit Title: PlayTube 3.0.1 - Redirect Information Disclosure Exploit Author: CraCkEr Date: 19/08/2023 Vendor: PlayTube Vendor Homepage: https://playtubescript.com/ Software Link: https://demo.playtubescript.com/ Tested on: Windows 10 Pro Impact: Sensitive Information Leakage CVE: CVE-2023-4714...
Innovins CMS 4.7 SQL Injection
==================================================================================================================================== | Title : Innovins CMS v4.7 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit |...
Islam CMS 1.0 Code Injection
==================================================================================================================================== | Title : islam cms v1.0 PHP code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit...
Online ID Generator 1.0 SQL Injection / Shell Upload
Title: Online-ID-Generator-1.0-SQLi-Bypass-login-ShellUpload-RCE Author: nu11secur1ty Date: 08/31/2023 Vendor: https://www.youtube.com/watch?v=JdB9po5DTc Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/idgenerator0.zip Reference:...
PHP JABBERS PHP Review Script 1.0 Cross Site Scripting
Title: PHPJABBERS-PHP Review Script-1.0 XSS-Reflected Author: nu11secur1ty Date: 08/31/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/php-review-script/ Reference: https://portswigger.net/web-security/cross-site-scripting/reflected Description: The value of the acti...
InterPhoto 2.3.0 Shell Upload
==================================================================================================================================== | Title : InterPhoto 2.3.0 Persians Remote Shell Upload vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Easy Address Book Web Server 1.6 Buffer Overflow / Cross Site Scripting
Exploit Title: Easy Address Book Web Server v1.6 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Discovery Date: 2021-01-10 CVE: CVE-2023-4491, CVE-2023-4492, CVE-2023-4493 Vendor Homepage: http://www.efssoft.com/web-address-book-server.html Software Link : http://www.efssoft.com/eabws.ex...
Invasor Diagonal CMS 1.0 Cross Site Scripting
==================================================================================================================================== | Title : Invasor Diagonal CMS 1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...
IQ-Medya CMS 2.0 Cross Site Scripting
==================================================================================================================================== | Title : İQ-Medya CMS v2.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor ...
Apache NiFi H2 Connection String Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache NiFi H2 Connection String Remote Code Execution', 'Description' = %q The DBCPConnectionPool and HikariCPConnectionPool Controller Services...
Humhub 1.3.13 Directory Traversal
==================================================================================================================================== | Title : Humhub v1.3.13 Directory traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 67.032-bit |...
i-Gallery 3.4 Database Disclosure
==================================================================================================================================== | Title : i-Gallery v3.4 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | |...
hudaallah Linker CMS 1.0 Cross Site Scripting
==================================================================================================================================== | Title : hudaallah Linker CMS v1.0 Xss Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...
HRM SAAS 2.1.9 Insecure Settings
==================================================================================================================================== | Title : HRM SAAS v 2.1.9 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.064-bit |...
Foodiee Online Food Ordering Web Application 1.0.0 Cross Site Scripting
==================================================================================================================================== | Title : Foodiee - Online Food Ordering Web Application V1.0.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozil...
PHPValley Micro Jobs 2.0.1 Insecure Direct Object Reference
==================================================================================================================================== | Title : PHPValley Micro Jobs v2.0.1 Missing Authentication Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
GOM Player 2.3.90.5360 MITM / Remote Code Execution
Exploit Title: GOM Player 2.3.90.5360 - Remote Code Execution RCE Date: 26.08.2023 Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://www.gomlab.com/gomplayer-media-player/ Software Link: https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUPNEW.EXE...
Hloun 1.0.0 Insecure Settings
==================================================================================================================================== | Title : Hloun V1.0.0 Rinstall Script Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...
imax CMS 1.0 SQL Injection
==================================================================================================================================== | Title : imax CMS v1.0 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...
Grawlix 1.5.1 Cross Site Scripting
Title: grawlix-1.5.1 XSS-Reflected Author: nu11secur1ty Date: 08/29/2023 Vendor: https://getgrawlix.com/ Software: Reference: https://portswigger.net/web-security/cross-site-scripting Description: The value of the ref request parameter is copied into the value of an HTML tag attribute which is...
HumbertoCaldas CMS 0.1.3 Cross Site Scripting
==================================================================================================================================== | Title : HumbertoCaldas Cms v0.1.3 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | |...
Human Resource PMS 1.4 Database Disclosure
==================================================================================================================================== | Title : Human Resource PMS v1.4 Database Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
iBilling CRM 4.5.0 Add Administrator / Insecure Direct Object Reference
==================================================================================================================================== | Title : iBilling CRM v4.5.0 Add Admin vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...
HPBoost 4.0 Add Administrator
==================================================================================================================================== | Title : HPBoost v4.0 Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor...
ImgHosting 1.2 Cross Site Scripting
==================================================================================================================================== | Title : ImgHosting v1.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | | Vendor :...
HS-booking CMS 2.79 SQL Injection
==================================================================================================================================== | Title : HS-booking CMS v2.79 SQl injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozila Firefox 68.0 32-bit |...
Hasan MWB 1 Add Administrator
==================================================================================================================================== | Title : Hasan MWB v1 Reinstall Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | |...
Hesk Rtl CMS 1 Cross Site Scripting
==================================================================================================================================== | Title : Hesk Rtl CMS v1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...
HaasCMS 1.0 Cross Site Scripting
==================================================================================================================================== | Title : HaasCMS v1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...
SPA-Cart eCommerce CMS 1.9.0.3 Cross Site Scripting
Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS Exploit Author: CraCkEr Date: 20/08/2023 Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4547 CWE:...
Hospital HMS 2.7 SQL Injection
====================================================================================================================================== | Title : Hospital HMS v2.7 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...
Global Domains International 2.0 Cross Site Scripting
==================================================================================================================================== | Title : Global Domains International v2.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...