Pyro CMS 3.9 Server-Side Template Injection
Exploit Title: Pyro CMS 3.9 - Server-Side Template Injection SSTI Authenticated Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Date: 03/08/2023 Vendor: https://pyrocms.com/ Software Link: https://pyrocms.com/documentation/pyrocms/3.9/getting-started/installation Vulnerable...
EuroTel ETL3100 Transmitter Authorization Bypass / Insecure Direct Object Reference
EuroTel ETL3100 Transmitter Authorization Bypass IDOR Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page: https://www.eurotel.it | https://www.siel.fm Affected version: v01c01 Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter v01x37 Microprocessor: socs0t08/socs0s08...
PHPJabbers Vacation Rental Script 4.0 Cross Site Request Forgery
Exploit Title: PHPJabbers Vacation Rental Script 4.0 - CSRF Date: 05/08/2023 Exploit Author: Hasan Ali YILDIR Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/vacation-rental-script/ Version: 4.0 Tested on: Windows 10 Pro Description The attacker can send to...
Metabase Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Metabase Setup Token RCE', 'Description' = %q Metabase versions before 0.46.6.1 contain a flaw where the secret setup-token is accessible even...
Emagic Data Center Management Suite 6.0 Remote Command Execution
Exploit Title: Emagic Data Center Management Suite v6.0 - OS Command Injection Date: 03-08-2023 Exploit Author: Shubham Pandey & thewhiteh4t Vendor Homepage: https://www.esds.co.in/enlight360 Version: 6.0.0 Tested on: Kali Linux CVE : CVE-2023-37569 URL=$1 LHOST=$2 LPORT=$3 echo "" echo " ESDS...
eHato CMS 1.0 Cross Site Scripting
Title: eHato CMS 1.0 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 69.032-bit | Vendor:...
Chevereto CMS 3.7.0 SQL Injection
Title: Chevereto CMS V3.7.0 Sql injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.264-bit...
Deprixa 3.2.5 SQL Injection
Title: Deprixa 3.2.5 Authentication Bypass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 103.064-bit...
EuroTel ETL3100 Transmitter Default Credentials
EuroTel ETL3100 Transmitter Default Credentials Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page: https://www.eurotel.it | https://www.siel.fm Affected version: v01c01 Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter v01x37 Microprocessor: socs0t08/socs0s08, Mode...
CMS BMGI International 4.0 SQL Injection
Title: CMS BMGI International v 4.0 Sql injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
eHato CMS 1.0 Open Redirection
Title: eHato CMS 1.0 Open Redirect Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 69.032-bit | Vend...
Doubleclick Admin 1 Cross Site Request Forgery
Title: Doubleclick Admin v1 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 115.0.264-bit |...
Virtues cpanelCMS 1.0 SQL Injection
Title: Virtues cpanelCMS v1.0 sql injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.332-b...
AMSS++ 6.11 SQL Injection
Title: AMSS++ V 6.11 SQL injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 115.0.264-bit |...
Videoflix CMS 1.3 Insecure Settings
Title: Videoflix Cms v1.3 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro | Vendor:...
Varient News Magazine Script 2.2 Insecure Settings
Title: Varient News Magazine Script V2.2 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...
Data Driven CMS 0.4.1 Database Disclosure
Title: Data Driven CMS v0.4.1 database disclosure Exploit | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3...
Voodoo Chat 1.3 Cross Site Scripting
Title: Voodoo Chat v1.3 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.332-bit | Vendor:...
eneblur CMS 1.0 SQL Injection
Title: eneblur CMS 1.0 SQL injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 115.0.264-bit |...
Video Whisper Conference 1.01 Cross Site Scripting
Title: video whisper conference v1.01 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro | Vendor: https://www.videowhisper.com/demos/conference/ | Dork: "Video Conference by...
GNOME Files 43.4 Privilege Escalation
Affected: GNOME Files 43.4 nautilus on fedora 37 Description: If an user A opens in GNOME files zip archive containing setuid file F, then F will be silently extracted to a subdirectory of CWD. If F is accessible by hostile local user B and B executes F, then F will be executed as from user A. ta...
EMIS WEB School CMS 1 SQL Injection
Title: EMIS WEB School CMS V 1 blind SQL injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
CSC-CMS 1.0.0 SQL Injection
Title: CSC-CMS v1.0.0 Sql Injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 68.032-bit |...
Database Compilation 1.2 Cross Site Scripting
Title: Database compilation CMS v1.2 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 65.0.232-bit ...
CMS BMGI International 4.0 Cross Site Scripting
Title: CMS BMGI International v 4.0 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.264-bit |...
Social-Commerce 3.1.6 Cross Site Scripting
Exploit Title: Social-Commerce 3.1.6 - Reflected XSS Exploit Author: CraCkEr Date: 28/07/2023 Vendor: mooSocial Vendor Homepage: https://moosocial.com/ Software Link: https://social-commerce.moosocial.com/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4174...
Cvanav-DAW CMS 0.1 Cross Site Scripting
Title: Cvanav-DAW CMS v0.1 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit | Vendo...
Datalife Engine 10 SQL Injection
Title: Datalife Engine v10 ir SQl injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2...
mooSocial 3.1.8 Cross Site Scripting
Exploit Title: mooSocial 3.1.8 - Reflected XSS Exploit Author: CraCkEr Date: 28/07/2023 Vendor: mooSocial Vendor Homepage: https://moosocial.com/ Software Link: https://travel.moosocial.com/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4173 Greetings...
Coupons CMS 6.00 Open Redirection
Title: Coupons CMS v6.00 URL redirection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2 32-bit...
Web Portal People CMS 2.8 Cross Site Scripting
Title: Web Portal People CMS v2.8 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit | ...
CMS Genetics Centre 4.0.1 SQL Injection
Title: CMS Genetics Centre v 4.0.1 Sql injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro | Vendor:...
Adlisting Classified Ads 2.14.0 Information Disclosure
Exploit Title: Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure Exploit Author: CraCkEr Date: 25/07/2023 Vendor: Templatecookie Vendor Homepage: https://templatecookie.com/ Software Link: https://templatecookie.com/demo/adlisting-classified-ads-script Tested on: Windows 10...
Conference Management Software 3.5.1 SQL Injection
Title: Conference Management Software V3.5.1 Sql injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...
Web Wiz Forums 12.06 Database Disclosure
Title: Web Wiz Forums 12.06 Database Disclosure Exploit | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 108.032-bit ...
Codoforum 5.2.1 File Upload
Title: Codoforum v5.2.1 Arbitrary file upload Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2...
Cyber Infinite CMS 1.0 SQL Injection
Title: Cyber Infinite cms v1.0 SQL Injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
Videoplay 1.3.0 Insecure Settings
Title: Videoplay V1.3.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.332-b...
Webedition CMS 2.9.8.8 Cross Site Scripting
Exploit Title: Webedition CMS v2.9.8.8 - Stored XSS Application: Webedition CMS Version: v2.9.8.8 Bugs: Stored Xss Technology: PHP Vendor URL: https://www.webedition.org/ Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1 Date of found: 03.08.2023 Author: Mirabbas...
COURIER DEPRIXA 2.5 Cross Site Request Forgery
Title: COURIER DEPRIXA V2.5 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 102.0.164-bit |...
Citrix ADC (NetScaler) Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix ADC NetScaler Forms SSO Target RCE', 'Description' = %q A vulnerability exists within Citrix ADC that allows an unauthenticated attacker t...
ReyeeOS 1.204.1614 Code Execution / Man-In-The-Middle
Exploit Title: ReyeeOS 1.204.1614 - MITM Remote Code Execution RCE Google Dork: None Date: July 31, 2023 Exploit Author: Riyan Firmansyah of Seclab Vendor Homepage: https://ruijienetworks.com Software Link: https://www.ruijienetworks.com/support/documents/slideEW1200G-PRO-Firmware-B11P204 Version...
WordPress Adivaha Travel 2.3 Cross Site Scripting
Exploit Title: WordPress adivaha Travel Plugin 2.3 - Reflected XSS Exploit Author: CraCkEr Date: 29/07/2023 Vendor: adivaha - Travel Tech Company Vendor Homepage: https://www.adivaha.com/ Software Link: https://wordpress.org/plugins/adiaha-hotel/ Demo: https://www.adivaha.com/demo/adivaha-online/...
Voodoo Chat 1.0RC1b Information Disclosure
Title: Voodoo chat v1.0RC1b Config Disclosure Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
WordPress EventON Calendar 4.4 Insecure Direct Object Reference
Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR Date: 03.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://www.myeventon.com/ Version: 4.4 Tested on: Google and Firefox latest version CVE : CVE-2023-3219 1. Description The plugin does no...
Xlight FTP Server 3.9.3.6 Stack Buffer Overflow
Exploit Title: Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' DOS Discovered by: Yehia Elghaly Discovered Date: 2023-08-04 Vendor Homepage: https://www.xlightftpd.com/ Software Link : https://www.xlightftpd.com/download/setup.exe Tested Version: 3.9.3.6 Vulnerability Type: Buffer Overflow...
Shelly PRO 4PM 0.11.0 Authentication Bypass
!/bin/bash Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass Google Dork: NA Date: 2nd August 2023 Exploit Author: The Security Team exploitsecurity.io Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability Vendor...
Web Portal People CMS 2.8 Open Redirection
Title: Web Portal People CMS v2.8 URL redirection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0...
Canon PIXMA TR4550 1.020 / 1.080 Unencrypted Secret Storage
Advisory ID: SYSS-2023-011 Product: PIXMA TR4550 Manufacturer: Canon Affected Versions: 1.020 / 1.080 also affects many other Canon inkjet printer models4 Tested Versions: 1.020 / 1.080 Vulnerability Type: Insufficient or Incomplete Data Removal within Hardware Component CWE-1301 Insufficiently...
Web Wiz Forums 12.06 SQL Injection
Title: Web Wiz Forums 12.06 Sql Injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 65.0.132-bit...