Cvanav-DAW CMS 0.1 Cross Site Scripting
Title : Cvanav-DAW CMS v0.1 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | Vendo...
Social-Commerce 3.1.6 Cross Site Scripting
Exploit Title: Social-Commerce 3.1.6 - Reflected XSS Exploit Author: CraCkEr Date: 28/07/2023 Vendor: mooSocial Vendor Homepage: https://moosocial.com/ Software Link: https://social-commerce.moosocial.com/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4174...
Canon PIXMA TR4550 1.020 / 1.080 Unencrypted Secret Storage
Advisory ID: SYSS-2023-011 Product: PIXMA TR4550 Manufacturer: Canon Affected Versions: 1.020 / 1.080 also affects many other Canon inkjet printer models4 Tested Versions: 1.020 / 1.080 Vulnerability Type: Insufficient or Incomplete Data Removal within Hardware Component CWE-1301 Insufficiently...
Kolibri 2.0 Buffer Overflow
#!/usr/bin/python3 Exploit Title: Kolibri GET request buffer Overflow Stack Egghunter Date: 2 August 2023 Exploit Author: Mahmoud NourEldin @Engacker Vendor App: https://www.exploit-db.com/apps/4d4e15b98e105facf94e4fd6a1f9eb78-Kolibri-2.0-win.zip Version: Kolibri 2.0 Tested on: Windows 10...
Diebold Nixdorf Vynamic View Console 5.3.1 DLL Hijacking
Exploit Title: DLL Hijacking in Diebold Nixdorf Vynamic View Console 5.3.1 Banking Software Date: 2023-08-04 Exploit Author: Matei Josephs Vendor Homepage: https://www.dieboldnixdorf.com/ Version: Diebold Nixdorf Vynamic View Console 5.3.1 CVE : CVE-2023-36344 Introduction: An iss...
Videoplay 1.3.0 Insecure Settings
Title : Videoplay V1.3.0 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-b...
Webutler 3.2 Shell Upload
Exploit Title: Webutler v3.2 - Remote Code Execution RCE Application: webutler Cms Version: v3.2 Bugs: RCE Technology: PHP Vendor URL: https://webutler.de/en Software Link: http://webutler.de/download/webutlerv3.2.zip Date of found: 03.08.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technic...
Coupons CMS 5.00 Open Redirect
Title : Coupons CMS v5.00 URL redirection Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit...
Shelly PRO 4PM 0.11.0 Authentication Bypass
#!/bin/bash Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass Google Dork: NA Date: 2nd August 2023 Exploit Author: The Security Team exploitsecurity.io Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability Vendor...
VideoPRO CMS 2.0 Insecure Settings
Title : VideoPRO CMS v2.0 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-b...
Voodoo Chat 1.0RC1b Information Disclosure
Title : Voodoo chat v1.0RC1b Config Disclosure Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Web Portal People CMS 2.8 Open Redirection
Title : Web Portal People CMS v2.8 URL redirection Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0...
Adiscon LogAnalyzer 4.1.13 Cross Site Scripting
Exploit Title: Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting Date: 2023.Aug.01 Exploit Author: Pedro ISSDU TW Vendor Homepage: https://loganalyzer.adiscon.com/ Software Link: https://loganalyzer.adiscon.com/download/ Version: v4.1.13 and before Tested on: Linux CVE : CVE-2023-36306 There ar...
Virtual Snipers DMS 1.0 SQL Injection
Title : Virtual Snipers DMS v1.0 Auth by pass Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
WordPress EventON Calendar 4.4 Insecure Direct Object Reference
Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access Date: 03.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://www.myeventon.com/ Version: 4.4 Tested on: Google and Firefox latest version CVE : CVE-2023-2796 1. Description The plugin lacks...
VOC++ Business Special Edition Creatiff Original 1.3 Information Disclosure
Title : VOC++ Business Special Edition Creatiff Original v1.3 Config Disclosure Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro /...
ReyeeOS 1.204.1614 Code Execution / Man-In-The-Middle
Exploit Title: ReyeeOS 1.204.1614 - MITM Remote Code Execution RCE Google Dork: None Date: July 31, 2023 Exploit Author: Riyan Firmansyah of Seclab Vendor Homepage: https://ruijienetworks.com Software Link: https://www.ruijienetworks.com/support/documents/slideEW1200G-PRO-Firmware-B11P204 Version...
Campcodes Online Matrimonial Website System 3.3 Cross Site Scripting
Exploit Title: Vulnerability in Campcodes Online Matrimonial Website System v3.3 allows code execution via malicious SVG file upload Date: 3-8-2023 Vendor Homepage: http://campcodes.com Category: Web Application Exploit Author: Rajdip Dey Sarkar Version: 3.3 Tested on: Windows/Kali CVE:...
Citrix ADC (NetScaler) Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix ADC NetScaler Forms SSO Target RCE', 'Description' = %q A vulnerability exists within Citrix ADC that allows an unauthenticated attacker t...
Xlight FTP Server 3.9.3.6 Stack Buffer Overflow
Exploit Title: Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' DOS Discovered by: Yehia Elghaly Discovered Date: 2023-08-04 Vendor Homepage: https://www.xlightftpd.com/ Software Link : https://www.xlightftpd.com/download/setup.exe Tested Version: 3.9.3.6 Vulnerability Type: Buffer Overflow...
WordPress Ninja Forms 3.6.25 Cross Site Scripting
Exploit Title: WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS Authenticated Google Dork: inurl:/wp-content/plugins/ninja-forms/readme.txt Date: 2023-07-27 Exploit Author: Mehran Seifalinia Vendor Homepage: https://ninjaforms.com/ Software Link:...
WordPress Forminator 1.24.6 Shell Upload
Exploit Title: WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution Date: 2023-07-20 Exploit Author: Mehmet Kelepçe Vendor Homepage: https://wpmudev.com/project/forminator-pro/ Software Link: https://wordpress.org/plugins/forminator/ Version: 1.24.6 Tested on: PHP - Mysql...
Webedition CMS 2.9.8.8 Cross Site Scripting
Exploit Title: Webedition CMS v2.9.8.8 - Stored XSS Application: Webedition CMS Version: v2.9.8.8 Bugs: Stored Xss Technology: PHP Vendor URL: https://www.webedition.org/ Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1 Date of found: 03.08.2023 Author: Mirabbas...
Web Wiz Forums 12.06 SQL Injection
Title : Web Wiz Forums 12.06 Sql Injection Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.0.132-bit...
Webedition CMS 2.9.8.8 Remote Code Execution
Exploit Title: Webedition CMS v2.9.8.8 - Remote Code Execution RCE Application: webedition Cms Version: v2.9.8.8 Bugs: RCE Technology: PHP Vendor URL: https://www.webedition.org/ Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1 Date of found: 03.08.2023 Author:...
Virtues cpanelCMS 1.0 SQL Injection
Title : Virtues cpanelCMS v1.0 sql injection Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-b...
WordPress EventON Calendar 4.4 Insecure Direct Object Reference
Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR Date: 03.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://www.myeventon.com/ Version: 4.4 Tested on: Google and Firefox latest version CVE : CVE-2023-3219 1. Description The plugin does no...
COURIER DEPRIXA 2.5 Cross Site Request Forgery
Title : COURIER DEPRIXA V2.5 CSRF Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 102.0.164-bit |...
Ozeki SMS Gateway 10.3.208 Arbitrary File Read
Exploit Title: Ozeki 10 SMS Gateway 10.3.208 - Arbitrary File Read Unauthenticated Date: 01.08.2023 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://ozeki-sms-gateway.com Software Link: https://ozeki-sms-gateway.com/attachments/702/installwindows1689352737OzekiSMSGateway10.3.208.zip...
Intelliants Subrion CMS 4.2.1 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Intelliants Subrion CMS 4.2.1 - Authenticated File Upload Bypass to RCE', 'Description' = %q This module exploits an authenticated file upload...
Web Stock 3.0 Insecure Direct Object Reference
Title : Web Stock v3.0 Unauthorised Administrative Access Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firef...
WordPress Adivaha Travel 2.3 Cross Site Scripting
Exploit Title: WordPress adivaha Travel Plugin 2.3 - Reflected XSS Exploit Author: CraCkEr Date: 29/07/2023 Vendor: adivaha - Travel Tech Company Vendor Homepage: https://www.adivaha.com/ Software Link: https://wordpress.org/plugins/adiaha-hotel/ Demo: https://www.adivaha.com/demo/adivaha-online/...
PHPJabbers Service Booking Script 1.0 Cross Site Scripting
Exploit Title: PHPJabbers Service Booking Script 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 21/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/service-booking-script/ Tested on: Windows 10 Pro Impact: Manipulate the content ...
PHPJabbers Availability Booking Calendar 5.0 Cross Site Scripting
Exploit Title: PHPJabbers Availability Booking Calendar 5.0 - Reflected XSS Exploit Author: CraCkEr Date: 20/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/availability-booking-calendar/ Tested on: Windows 10 Pro Impact: Manipulat...
WebCoder CMS 1.0 SQL Injection
Title : WebCoder CMS v1.0 Sql Injection Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit |...
WebCom CMS 1.0 SQL Injection
Title : WebCom CMS v1.0 Auth By pass Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-bit |...
Savant Web Server 3.1 Remote Buffer Overflow
Exploit Title: Savant Web Server 3.1 - Remote Buffer Overflow Egghunter Date: 30/07/2023 Exploit Author: 0xBOF90 Vendor Homepage: link Version: app version 3.1 Tested on: Windows 10 import socket import sys try: server = b"192.168.56.102" \x00\x0a\x0d\x25 port = 80 size = 253 msfvenom -p...
PHPJabbers Rental Property Booking 2.0 Cross Site Scripting
Exploit Title: PHPJabbers Rental Property Booking 2.0 - Reflected XSS Exploit Author: CraCkEr Date: 22/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/rental-property-booking-calendar/ Tested on: Windows 10 Pro Impact: Manipulate t...
WEBinsta Mailing Manager 1.3 Information Disclosure
Title : WEBinsta Mailing Manager V1.3 Data Disclosure Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
PHPJabbers Bus Reservation System 1.1 Cross Site Scripting
Exploit Title: PHPJabbers Bus Reservation System 1.1 - Reflected XSS Exploit Author: CraCkEr Date: 20/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/bus-reservation-system/ Tested on: Windows 10 Pro Impact: Manipulate the content ...
WebIncorp CMS 1.0 Cross Site Scripting
Title : WebIncorp CMS v1.0 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.032-bit | Vendor :...
Yourdoctor CMS 1.5 Insecure Direct Object Reference
Title : Yourdoctor CMS v1.5 Insecure Direct Object Reference Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla...
PHPJabbers Cleaning Business 1.0 Cross Site Scripting
Exploit Title: PHPJabbers Cleaning Business 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 21/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cleaning-business-software/ Tested on: Windows 10 Pro Impact: Manipulate the content o...
WebCalendar 1.3 Cross Site Request Forgery
Title : WebCalendar v1.3 CSRF Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | Vendor :...
PHPJabbers Taxi Booking 2.0 Cross Site Scripting
Exploit Title: PHPJabbers Taxi Booking 2.0 - Reflected XSS Exploit Author: CraCkEr Date: 22/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/taxi-booking-script/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site...
PHPJabbers Night Club Booking 1.0 Cross Site Scripting
Exploit Title: PHPJabbers Night Club Booking 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 21/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/night-club-booking-software/ Tested on: Windows 10 Pro Impact: Manipulate the content...
Wolf CMS 0.8.1 Add Administrator
Title : Wolf CMS v0.8.1 Add Admin Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-bit | Vend...
WonderCMS 0.6-Beta Remote File Inclusion
Title : WonderCMS v0.6-Beta File inclusion Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-bit...
PHPJabbers Bus Reservation System 1.1 SQL Injection
Exploit Title: PHPJabbers Bus Reservation System 1.1 - SQL Injection Exploit Author: CraCkEr Date: 20/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/bus-reservation-system/ Tested on: Windows 10 Pro Impact: Database Access CVE:...
WordPress Adivaha Travel 2.3 SQL Injection
Exploit Title: WordPress adivaha Travel Plugin 2.3 - SQL Injection Exploit Author: CraCkEr Date: 29/07/2023 Vendor: adivaha - Travel Tech Company Vendor Homepage: https://www.adivaha.com/ Software Link: https://wordpress.org/plugins/adiaha-hotel/ Demo: https://www.adivaha.com/demo/adivaha-online/...