FlightPath LMS 4.8.2 Insecure Direct Object Reference
Title : FlightPath LMS v4.8.2 Insecure Direct Object Reference Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla...
Global Multi School Management System Express 1.0 SQL Injection
Exploit Title: Global - Multi School Management System Express v1.0- SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/global-multi-school-management-system-express/21975378 Tested on: Kali Linux & MacOS CVE: N/A Request POST /report/balance...
FIRESHOP Advanced CMS 2.3 Arbitrary File Upload
Title : FIRESHOP Advanced CMS v2.3 unrestricted file upload Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla...
FoccusWeb CMS 0.1 Cross Site Scripting
Title : FoccusWeb CMS v0.1 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.2 32-bit | Vendo...
TSPlus 16.0.2.14 Insecure Permissions
Exploit Title: TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.2.14 Tested on: Windows CVE : CVE-2023-31067 TSplus Remote Access v...
TSPlus 16.0.0.0 Insecure Credential Storage
Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31069 With TSPlus Remote Work v. 16.0.0.0 you ca...
E-mailer Newsletter And Mailing System with Analytics + GEO location 1.16 Information Disclosure
Title : E-mailer Newsletter & Mailing System with Analytics + GEO location v1.16 information Disclosure vulnerability | Author : indoushka | Tested on : windows...
FOG Forum 0.8 Cross Site Scripting
Title : FOG Forum v0.8 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | Vendor :...
TSPlus 16.0.0.0 Insecure Permissions
Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31068 With TSPlus Remote Work v...
PHPJabbers Business Directory Script 3.2 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities Date: 09/08/2023 Exploit Author: Kerimcan Ozturk Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/business-directory-script/ Version: 3.2 Tested on: Windows 10 Pro Description...
OVOO Movie Portal CMS 3.3.3 SQL Injection
Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569 Tested on: Kali Linux & MacOS CVE: N/A Request POST /filtermovies/1 HTTP/2 Host:...
Dolibarr 17.0.1 Cross Site Scripting
Exploit Title: Dolibarr Version 17.0.1 - Stored XSS Dork: Date: 2023-08-09 Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: http://127.0.0.1/dolibarr-17.0.1/htdocs/user/note.php Version: 17.0.1 REQUIRED Tested on: Windows/Linux CVE :...
Inosoft VisiWin 7 2022-2.1 Insecure Permissions / Privilege Escalation
Exploit Title: Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions Privilege Escalation Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://www.inosoft.com/ Version: Up to 2022-2.1 Runtime RT7.3 RC3 20221209.5 Tested on: Windows CVE:...
FleetCart Laravel Ecommerce System 1.1.2 Insecure Settings
Title : FleetCart - Laravel Ecommerce System v1.1.2 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser :...
DoorGets CMS 7.0 Information Disclosure
Title : DoorGets CMS v7.0 Sensitive information disclosure Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla...
Academy LMS 6.1 Cross Site Scripting / File Upload
Exploit Title: Academy LMS 6.1 - Arbitrary File Upload Exploit Author: CraCkEr Date: 05/08/2023 Vendor: Creativeitem Vendor Homepage: https://academylms.net/ Software Link: https://demo.academylms.net/ Tested on: Windows 10 Pro Impact: Allows User to upload files to the web server CWE: CWE-79 -...
Jorani Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jorani unauthenticated Remote Code Execution', 'Description' = %q This module exploits an unauthenticated Remote Code Execution in Jorani prior t...
Crypto Currency Tracker (CCT) 9.5 Add Administrator
Exploit Title: Crypto Currency Tracker CCT - Admin Account Creation Unauthenticated Date: 11.08.2023 Exploit Author: 0xBr Software Link: https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008 Version: =9.5 CVE: CVE-2023-37759 POST /en/user/register HTTP...
Event Locations CMS 1.0.1 Shell Upload
Title : Event Locations CMS V1.0.1 - unrestricted files upload Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla...
Emaar Real Estate Agency Directory System 5.7 Shell Upload
Title : Emaar – Real Estate Agency Directory System v5.7 Unrestricted File Upload Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro /...
Credit Lite 1.5.4 SQL Injection
Exploit Title: Credit Lite 1.5.4 - SQL Injection Exploit Author: CraCkEr Date: 31/07/2023 Vendor: Hobby-Tech Vendor Homepage: https://codecanyon.net/item/credit-lite-micro-credit-solutions/39554392 Software Link: https://credit-lite.appshat.xyz/ Tested on: Windows 10 Pro Impact: Database Access...
Evsanati Radyo 1.0 Shell Upload
Title : evsanati radyo v1.0 Remote File Upload Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2...
Fara Melk Estate CMS 1.5.0 Information Disclosure
Title : Fara Melk Estate CMS v1.5.0 unauthorized administrative access Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser :...
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification
KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit Advisory ID: KL-001-2023-003 Publication Date: 2023.08.17 Publication URL:...
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read
KL-001-2023-001: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig Advisory ID: KL-001-2023-001 Publication Date: 2023.08.17 Publication URL:...
Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation
KL-001-2023-002: Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump Advisory ID: KL-001-2023-002 Publication Date: 2023.08.17 Publication URL:...
Maltrail 0.53 Unauthenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Maltrail Unauthenticated Command Injection', 'Description' = %q Maltrail is a malicious traffic detection system, utilizing publicly available...
Greenshot 1.3.274 Deserialization / Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Greenshot .NET Deserialization Fileformat Exploit', 'Description' = %q There exists a .NET deserialization vulnerability in Greenshot version...
Event Locations CMS 1.0.1 Cross Site Scripting
Title : Event Locations CMS v1.0.1 - XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit ...
Education Time Indonesian School CRM 1.7 SQL Injection
Title : Education Time Indonesian School CRM v 1.7 Sql injection Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozill...
ExcessWeb And Network CMS 4.0 Database Disclosure
Title : ExcessWeb & Network CMS v4.0 Database Disclosure Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefo...
EMH CMS 0.1 Cross Site Scripting
Title : EMH CMS v0.1 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.3 64-bit | Vendor :...
AudioCodes VoIP Phones Hardcoded Key
Advisory ID: SYSS-2022-052 Product: AudioCodes VoIP Phones Manufacturer: AudioCodes Ltd. Affected Versions: Firmware Versions = 3.4.8.M4 Tested Versions: Firmware Version 3.4.4.1000 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-321 Ris...
EI Tube YouTube API 3 Cross Site Scripting
Title : EI Tube YouTube API V3 site builder XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...
Evsanati Radyo 1.0 Insecure Settings
Title : evsanati radyo v1.0 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2...
E-partenaire LMS 1.0.0 Cross Site Scripting
Title : E-partenaire LMS v1.0.0 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.0 32-bit | Vend...
Erim Upload 4 Database Disclosure
Title : Erim Upload V4 Database Disclosure Exploit | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.0 32-bit |...
AudioCodes VoIP Phones Insufficient Firmware Validation
Advisory ID: SYSS-2022-055 Product: AudioCodes VoIP Phones Manufacturer: AudioCodes Ltd. Affected Versions: Firmware Versions = 3.4.4.1000 Tested Versions: Firmware Version 3.4.4.1000 Vulnerability Type: Missing Immutable Root of Trust in Hardware...
AudioCodes VoIP Phones Hardcoded Key
Advisory ID: SYSS-2022-054 Product: AudioCodes VoIP Phones Manufacturer: AudioCodes Ltd. Affected Versions: Firmware Versions = 3.4.8.M4 Tested Versions: Firmware Version 3.4.4.1000 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-321 Ris...
Hyip Rio 2.1 Cross Site Scripting / File Upload
Exploit Title: Hyip Rio 2.1 - Arbitrary File Upload Exploit Author: CraCkEr Date: 30/07/2023 Vendor: tdevs Vendor Homepage: https://tdevs.co/ Software Link: https://hyiprio-feature.tdevs.co/ Tested on: Windows 10 Pro Impact: Allows User to upload files to the web server CVE: CVE-2023-4382...
H2 Web Interface Create Alias Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'H2 Web Interface Create Alias RCE', 'Description' = %q The H2 database contains an alias function which allows for arbitrary Java code to be used...
Ekushey Project Manager CRM 3.1 Insecure Settings
Title : Ekushey Project Manager CRM V3.1 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla...
RaspAP 2.8.7 Unauthenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'RaspAP Unauthenticated Command Injection', 'Description' = %q RaspAP is feature-rich wireless router software that just works on many popular...
Datoo Complete Dating Script 1.0 Insecure Settings
Title : Datoo - Complete Dating Script v1.0 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla...
E-Fun CMS 5.0 XML Injection
Title : E-Fun CMS V5.0 XML external entity injection Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
E-Journal Homoeo CMS 2.0.3 SQL Injection
Title : E-Journal homoeo CMS v2.0.3 Sql injection Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
eLitius 1.0 Backup Disclosure
Title : eLitius v1.0 Backup Disclosure Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.0 32-bit |...
CSC-CMS 1.0.0 Insecure Settings
Title : CSC-CMS v1.0.0 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.0 32-bit |...
Elite CMS Pro 2.01 SQL Injection
Title : Elite CMS Pro V2.01 Sql injection Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-b...
doorGets CMS 7.0 Shell Upload
Title : doorGets CMS v7.0 Unrestricted File Upload Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...