AudioCodes VoIP Phones Hardcoded Key
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2022-054 Product: AudioCodes VoIP Phones Manufacturer: AudioCodes Ltd. Affected Versions: Firmware Versions = 3.4.8.M4 Tested Versions: Firmware Version 3.4.4.1000 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-321 Ris...
AudioCodes VoIP Phones Insufficient Firmware Validation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2022-055 Product: AudioCodes VoIP Phones Manufacturer: AudioCodes Ltd. Affected Versions: Firmware Versions = 3.4.4.1000 Tested Versions: Firmware Version 3.4.4.1000 Vulnerability Type: Missing Immutable Root of Trust in Hardware...
Hyip Rio 2.1 Cross Site Scripting / File Upload
Exploit Title: Hyip Rio 2.1 - Arbitrary File Upload Exploit Author: CraCkEr Date: 30/07/2023 Vendor: tdevs Vendor Homepage: https://tdevs.co/ Software Link: https://hyiprio-feature.tdevs.co/ Tested on: Windows 10 Pro Impact: Allows User to upload files to the web server CVE: CVE-2023-4382...
EMH CMS 0.1 Cross Site Scripting
Title: EMH CMS v0.1 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.364-bit | Vendor:...
ExcessWeb And Network CMS 4.0 Database Disclosure
Title: ExcessWeb & Network CMS v4.0 Database Disclosure Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefo...
H2 Web Interface Create Alias Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'H2 Web Interface Create Alias RCE', 'Description' = %q The H2 database contains an alias function which allows for arbitrary Java code to be used...
Blood Donor Management System 1.0 Cross Site Scripting
Exploit Title: Blood Donor Management System - Stored XSS Application: Blood Donor Management System Version: v1.0 Bugs: Stored XSS Technology: PHP Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/blood-donor-management-system-using-codeigniter/ Date: 15.08.2023...
E-Fun CMS 5.0 XML Injection
Title: E-Fun CMS V5.0 XML external entity injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
E-Journal Homoeo CMS 2.0.3 SQL Injection
Title: E-Journal homoeo CMS v2.0.3 Sql injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
doorGets CMS 7.0 Shell Upload
Title: doorGets CMS v7.0 Unrestricted File Upload Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
EI Tube YouTube API 3 SQL Injection
Title: EI Tube YouTube API V3 site builder Sql Injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firef...
Education Time Indonesian School CRM 1.7 Directory Traversal
Title: Education Time Indonesian School CRM v 1.7 Directory Traversal Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser:...
RaspAP 2.8.7 Unauthenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'RaspAP Unauthenticated Command Injection', 'Description' = %q RaspAP is feature-rich wireless router software that just works on many popular...
WordPress Core 5.6.2 XPath Injection
Exploit Title: WordPress Core 5.6.2 - Xpath Injection Date: 13/08/2023 Exploit Author: Behrouz Mansoori Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/download/releases Version: 5.6.2 Tested on: Mac VULNERABILITY DETAILS : This vulnerability allows remote attackers to...
Ekushey Project Manager CRM 3.1 Insecure Settings
Title: Ekushey Project Manager CRM V3.1 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...
Elevel CMS 1.0 SQL Injection
Title: Elevel CMS v1.0 authentication bypass vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2...
Elite CMS Pro 2.01 SQL Injection
Title: Elite CMS Pro V2.01 Sql injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2 32-b...
CSC-CMS 1.0.0 Insecure Settings
Title: CSC-CMS v1.0.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 68.032-bit ...
Datoo Complete Dating Script 1.0 Insecure Settings
Title: Datoo - Complete Dating Script v1.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...
eLitius 1.0 Backup Disclosure
Title: eLitius v1.0 Backup Disclosure Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 65.032-bit ...
BookingWizz 6.0.1 Information Disclosure
Title: BookingWizz v6.0.1 sensitive information disclosure Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...
Eden CMS 1.02 Cross Site Scripting
Title: Eden CMS v1.02 Xss Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2 32-bit | Vendor:...
Education Time Indonesian School CRM 1.7 Cross Site Scripting
Title: Education Time Indonesian School CRM v 1.7 Xss Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
E-Biz CMS 2.0 Cross Site Request Forgery
Title: E-Biz CMS v2.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 69.032-bit | Vendor:...
Microsoft Azure Subdomain Scanner / Enumerator
Background: Microsoft makes use of a number of different domains and subdomains for each of their Azure services. From SQL databases to SharePoint drives, each service maps to its respective domain/subdomain, and with the proper toolset, these can be identified through DNS enumeration to yield...
Ecommerce Responsive 1.2 Insecure Direct Object Reference
Title: Ecommerce Responsive v1.2 Insecure Direct Object Reference Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser:...
DBCInfoTech CMS 2.0 Administrator Reinstall
Title: dbcinfotech CMS v2.0 Reinstall Script Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2...
EasyPX CMS 06.02.04 Cross Site Scripting
Title: EasyPX CMS V06.02.04 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2 32-bit | Vend...
E-commerce Growisei CMS 2.0 Insecure Settings
Title: E-commerce Growisei CMS v2.0 insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
Advantech EKI-1524-CE / EKI-1522 / EKI-1521 Cross Site Scripting
St. Pölten UAS | title: Multiple XSS in Advantech | product: Advantech EKI-1524-CE series, EKI-1522 series, EKI-1521 series | vulnerable version: =1.21 CVE-2023-4202, =1.24 CVE-2023-4203 | fixed version: 1.26 | CVE number:...
Easy2Pilot 7 SQL Injection
Title: Easy2Pilot V7 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 69.032-bit | Vendo...
Phoenix Contact TC Cloud / TC Router 2.x XSS / Memory Consumption
St. Pölten UAS | title: Multiple Vulnerabilities | product: Phoenix Contact TC Cloud Client 1002-4G, TC Router 3002T-4G, Cloud Client 1101T-TX/TX | vulnerable version: 2.07.2, 2.07.2, 2.06.10 | fixed version: 2.07.2, 2.07.2...
helloGTX Travel Portal CRM 1.6 Insecure Direct Object Reference
Title: helloGTX Travel Portal CRM v1.6 Insecure Direct Object Reference Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser ...
DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting
Title: DigaSell - Digital store PHP Script V1.0.0 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
Easy Web Portal 2.1.1 Cross Site Scripting
Title: Easy Web Portal v2.1.1 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2 32-bit ...
Easy Password Manager 1.1 Information Disclosure
Title: Easy Password Manager v1.1 unauthorized administrative access Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser:...
TP-Link Archer AX21 Command Injection
!/usr/bin/python3 Exploit Title: TP-Link Archer AX21 - Unauthenticated Command Injection Date: 07/25/2023 Exploit Author: Voyag3r https://github.com/Voyag3r-Security Vendor Homepage: https://www.tp-link.com/us/ Version: TP-Link Archer AX21 AX1800 firmware versions before 1.1.4 Build 20230219...
OutSystems Service Studio 11.53.30 DLL Hijacking
Exploit Title: OutSystems Service Studio 11.53.30 - DLL Hijacking Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://www.outsystems.com/ Version: Up to 11.53.30 Build 61739 Tested on: Windows CVE : CVE-2022-47636 A DLL hijacking vulnerability...
Greeva 2.0 SQL Injection
Title: Greeva 2.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 115.0.264-bit | Vendo...
Maltrail 0.53 Remote Code Execution
Exploit Title: Maltrail v0.53 - Unauthenticated Remote Code Execution RCE Exploit Author: Iyaad Luqman K init6 Application: Maltrail v0.53 Tested on: Ubuntu 22.04 CVE: CVE-2023-27163 PoC import sys; import os; import base64; def main: listeningIP = None listeningPORT = None targetURL = None if...
Request-Baskets 1.2.1 Server-Side Request Forgery
Exploit Title: Request-Baskets v1.2.1 - Server-side request forgery SSRF Exploit Author: Iyaad Luqman K init6 Application: Request-Baskets v1.2.1 Tested on: Ubuntu 22.04 CVE: CVE-2023-27163 PoC !/bin/bash if "$" -lt 2 || "$1" = "-h" || "$1" = "--help" ; then help="Usage: exploit.sh \n\n";...
Easy Member Pro 3.0 Insecure Direct Object Reference
Title: Easy Member pro v3.0 Unauthorised Administrative Access Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...
i2soft CMS 2.0 Insecure Direct Object Reference
Title: i2soft CMS v2.0 Insecure Direct Object Reference Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefo...
FlatApp Premium Admin Dashboard 1.0 SQL Injection
Title: FlatApp - Premium Admin Dashboard 1.0 SQL injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...
systemd 246 Local Root Privilege Escalation
Exploit Title: systemd 246 - Local Privilege Escalation Exploit Author: Iyaad Luqman K init6 Application: systemd 246 Tested on: Ubuntu 22.04 CVE: CVE-2023-26604 systemd 246 was discovered to contain Privilege Escalation vulnerability, when the systemctl status command can be run as root user. Th...
DigaSell Digital Store PHP Script 1.0.0 SQL Injection
Title: DigaSell - Digital store PHP Script V1.0.0 Blind Sql Injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser:...
Digisha CMS 1.2.7 SQL Injection
Title: Digisha CMS V1.2.7 Auth by pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.332-bit ...
DriverPack Solution CMS 17.11.108 Cross Site Scripting
Title: DriverPack Solution CMS v 17.11.108 Xss Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2...
Discussion On Kontackt 1.18 Cross Site Scripting
Title: Discussion on Kontackt - The Exclusive PHP Social Network Platform v1.18 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pr...
Dynamic Journal CMS 2.5 Database Disclosure
Title: Dynamic Journal cms v2.5 Database Disclosure Exploit | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3...